Fortinet Research Report

The Manufacturing OT Security Imperative

Why 82% of manufacturers faced cyber incidents in the past year—and what they're doing about it
February 2026 | N=116 Respondents
Manufacturing OT environments are under siege. While 86% of organizations rank OT security as a Top 5 business risk, 82% experienced at least one cyber incident in the past 12 months. The consequences are real: 57% of incidents impacted OT environments directly, with malware (43%), network intrusions (35%), and supply chain compromises (31%) among the most common attack vectors. The industry is responding—71% are investing $1M+ in OT security for 2026, and 50% have already deployed AI-driven security tools. But with threat detection and IT/OT convergence topping the investment priorities, it's clear the security journey is far from over.

Who We Surveyed

69%
Use ICS
61%
Use IIoT
52%
Use PLCs
51%
Use SCADA
44%
Industry 4.0
82%
Experienced at least one cyber incident targeting OT in the past 12 months
86%
Rank OT cybersecurity as a Top 5 business risk
57%
Had OT environments directly impacted by security incidents
1

82% Under Attack—And the Threat Is Only Intensifying

The data is stark: only 17% of manufacturers escaped cyber incidents entirely in the past year. Nearly half experienced 1-2 incidents, while 28% faced 3 or more—with some organizations reporting 10+ incidents annually. This isn't a theoretical risk; it's an operational reality.
Number of Cyber Incidents in Past 12 Months
Types of Security Incidents Experienced
Incident Correlation: These Attacks Don't Happen in Isolation

Of those who experienced malware impacting OT operations, many also faced additional attack types—revealing how threats often chain together.

Base: 50 respondents who experienced malware impacting OT operations

Environments Impacted by Intrusions

57% Had OT Directly Impacted—And Attacks Chain Together

When combining incidents that hit OT systems alone (34%) with those affecting both IT and OT (23%), more than half of all manufacturers saw their operational technology environments directly compromised. And these attacks don't happen in isolation: of those who experienced malware, 56% also faced network intrusions and 40% dealt with supply chain compromises. This chaining effect means a single entry point can cascade into multiple attack vectors across the environment.

2

Manufacturers Recognize the Risk—And They're Acting on It

OT cybersecurity has moved from IT concern to boardroom imperative. But recognizing a risk isn't the same as acting on it. These two charts tell a powerful story: 86% rank OT security as a Top 5 business risk, and 95% have made it a Top 5 priority for investment. When risk recognition and resource allocation march in lockstep, it signals a fundamental shift in how manufacturing approaches security.
They Recognize the Risk

Where does OT cybersecurity rank among business risks?

They're Acting on It

Where does OT cybersecurity rank among investment priorities?

Primary OT Cybersecurity Concern
OT Risk Significance Assessment

Operational Impact Is the Primary Fear

70% of respondents identify operational, safety, or financial impact as their primary concern—reflecting the unique risks of OT environments where cyber incidents cascade into physical consequences. Downtime stops production. Production stops revenue. And in manufacturing, safety incidents can put lives at risk. With 59% rating OT risks as "Very" or "Extremely" significant, manufacturers understand what's at stake.

3

IT/OT Collaboration Has Evolved—But Security Gaps Remain

Five years ago, IT and OT teams rarely collaborated on security. Today, 90% of organizations report strong or fully integrated IT/OT collaboration—an accelerated evolution driven by the recognition that siloed security creates exploitable gaps. But self-assessed maturity may not match reality.
IT/OT Collaboration Level
OT Security Program Maturity (Self-Assessed)
Current Security Platform Categories

Confidence May Exceed Capability

While 81% self-assess as "Above average" or "Industry leader" in OT security maturity, the attack data tells a different story—82% experienced incidents in the past year. Meanwhile, 50% still rely primarily on network security platforms (firewalls, SD-WAN, segmentation) for OT protection, and only 12% have deployed OT-specific security solutions. The gap between perceived and actual security posture represents both risk and opportunity.

4

Investment Is Rising—And Priorities Reveal Maturity

Manufacturers are putting substantial resources behind OT security: 71% are planning budgets of $1M or more for 2026, with a third exceeding $3M. But it's the investment priorities that reveal how far the industry has come—threat detection now tops the list, a sign that foundational visibility work is giving way to more sophisticated security operations.
OT Cybersecurity Budget Planned for 2026
OT Cybersecurity Focus Areas for 2026
AI-Driven Security Tool Adoption

A Maturity Story in the Priorities

Two or three years ago, asset visibility would have dominated these investment priorities—you can't protect what you can't see. Today, threat detection and monitoring leads at 62%, followed by IT/OT convergence (50%) and network segmentation (45%). This progression from visibility → segmentation → detection → response reflects genuine maturation. And with 50% already deploying AI-driven security tools—not just considering them—manufacturers are betting on intelligent automation to match the pace of evolving threats.

Securing the Future of Manufacturing

The complexity of manufacturing OT security demands a unified approach—one that bridges IT and OT environments, provides comprehensive visibility across diverse systems, and leverages AI to detect and respond to threats at machine speed. Fortinet's OT Security solutions deliver the integrated protection manufacturers need to defend their operational infrastructure without disrupting production.

Explore Fortinet OT Security

Methodology

Sample Size

116 Respondents

Industry

Manufacturing

Survey Period

January–February 2026

Respondent Roles

Seniority Level

Company Size (Employees)

Survey Design & Data Quality: This research surveyed 116 qualified manufacturing professionals across IT/Cybersecurity, OT, and Digital Transformation roles. All respondents were pre-screened to ensure they: (1) held senior roles (C-Suite, VP, Director, or Senior Manager level), (2) were involved in decisions related to OT cybersecurity, industrial systems, or manufacturing security, (3) worked at organizations with 1,000+ employees, and (4) managed or operated manufacturing environments with OT systems including ICS, SCADA, PLCs, IIoT, or similar technologies. All percentages are calculated based on the number of respondents who answered each specific question.
0