An early read from senior IT and operational-technology leaders across U.S. transportation, on the threats they face, the gaps compliance leaves behind, and where they're putting their next dollar.
Preliminary data. These results reflect the first 29 completed responses of a target 150. Findings are directional and will firm up as the sample grows, particularly for sub-group cuts.
Cybersecurity has moved to the top of the agenda for transportation's operational systems, yet most leaders say compliance alone doesn't cover them and three in four are increasing spend to close the gap.
Across these early respondents, the signal is consistent: rising concern, real incident experience, near-universal reliance on wireless connectivity in the field, and a clear-eyed view that meeting regulations is a floor, not a finish line.
Operational technology used to sit in the background of the security conversation. Not anymore. Nearly every leader in this early sample places cybersecurity for their operational and transportation systems among their organization's top priorities, and two-thirds feel more urgency about it than they did a year ago.
The "is OT security a real priority?" debate looks settled in this group. 66% are more or far more concerned than a year ago, and only 9% report falling concern. For a vendor, the conversation has shifted from making the case that OT security matters to showing how to act on it.
When asked what concerns them most, leaders point first to the things that stop trains, planes, and freight from moving, and to the data those operations generate. These aren't hypothetical fears: 76% have dealt with at least one security incident affecting operational systems in the past 12 months.
The top two concerns, operational disruption (66%) and data breach (62%), map directly to the business consequences executives are measured on. Meanwhile 55% describe their posture as "mature" but only 14% as "advanced," a self-awareness gap that points to room for orchestration, automation, and detection maturity.
One of the clearest signals in the data: meeting regulatory requirements is not the same as being secure, and leaders know it. Only 41% believe compliance fully covers their security needs. The other 59% see gaps, and they can name them.
A 59% gap between "compliant" and "covered" is the opening for a security conversation that goes beyond audits and checklists. With ISO 27001 (55%), NIST (48%), and TSA directives (48%) all in play, leaders are juggling multiple frameworks, and looking for help translating them into operational protection.
Transportation infrastructure lives outside the four walls: field cabinets, vehicles, temporary sites, remote locations. Connectivity to those assets is now mission-critical or very important to 93% of respondents, and securing it ranks at the very top of where they plan to invest next.
Secure connectivity for field, mobile, and remote environments is the single most common top-3 investment priority (45%), ahead of cloud security and incident response. Pair that with 76% increasing budgets and 76% planning cloud applications directly in their operational environment, and the direction of travel is unmistakable: protecting distributed, connected operations is the spend that's coming.
The early signal is clear: leaders are prioritizing OT security, looking past compliance, and investing in the distributed connectivity their operations depend on. Fortinet helps transportation organizations converge networking and security across IT, OT, and the mobile edge, so protection follows operations wherever they run.
Explore Fortinet for TransportationPreliminary findings from an ongoing conversational survey of senior leaders responsible for cybersecurity and operational technology in U.S. transportation organizations.
Percentages are calculated from completed responses (n=29) unless noted. Single-select questions sum to 100% (rounding may cause ±1%). Multi-select questions (Q4 concerns, Q11 frameworks) allow more than one answer per respondent and therefore sum to more than 100%. The Q13 investment chart shows the share of respondents placing each area in their top 3 of 9 ranked items. Sample skews private-sector (69% / 31% public) and toward logistics/freight/fleet operators; sub-group differences are directional at this sample size and will be reported with greater confidence as responses approach the 150 target.