Andrew Lintell, General Manager, EMEA at Claroty, looks at why your business should be investing in Operational Technology (OT) security in 2025.

State-sponsored cyber threats are escalating. In a recent speech at the UK Government’s Cyber Security Conference, NCSC chief executive Richard Horne highlighted nation-state activity as a leading issue in an increasingly hostile cyber threat landscape.

While many industries are at risk of this heightened aggression, critical infrastructure is particularly vulnerable. Essential services such as energy, water, and transport have become key targets in aggressive geopolitical cyber strategies.  

The risk is made worse by the fact that so much critical infrastructure relies on operational technology (OT) systems that are often outdated, heavily siloed, and easy prey for dedicated threat actors. To withstand these evolving threats, 2025 must be the year of OT security investment, where IT and OT teams work in unison to defend against nation-state adversaries. 

How nation-state cyber threats are accelerating 

Cyberattacks against critical infrastructure have become a fundamental tool of statecraft, with activity aimed at disrupting economies, weakening rivals, and asserting geopolitical influence. 

The CRINK nations – China, Russia, Iran, and North Korea – are among the most active. You can connect almost all nation-state-sponsored cyber incidents to one of the four. In just one example, last year multiple security agencies around the world, including the NCSC and CISA, issued a joint advisory on the Chinese state-sponsored actor ‘Volt Typhoon’. The group targets the water, energy and transportation sectors around the world with the intention of setting up significant and disruptive attacks in the future.

The most worrying aspect of these attacks is their potential to cripple essential services. Attacks on cyber-physical systems causing operational downtime and widespread disruption can create very real damage in the physical world, from energy blackouts to preventing emergency healthcare.  

One of the most prominent examples is Sandworm, an APT linked to Russian military intelligence, which is believed to be responsible for multiple attacks on Ukraine’s power grid over the last decade. The group deployed the Industroyer and Industroyer 2 malware, custom-built for targeting industrial equipment using specific protocols. Sandworm is also responsible for the notorious NotPetya malware, which spread far beyond its intended Ukrainian targets.

The convergence of IT and OT environments has inadvertently expanded the attack surface and given cyber adversaries new opportunities to infiltrate industrial control systems. 

The outdated siloed model of IT and OT security is no longer viable 

For years, businesses have treated IT and OT security as separate disciplines, with little in the way of united visibility or strategy. This may have worked in years past. However, the increasing crossover between the two fields means this fragmented approach is no longer sufficient.  

Traditional IT security models – typically focused on protecting data and network perimeters – fail to address the unique risks posed to OT environments, where system uptime and physical safety are paramount. 

Visibility is one of the key challenges. OT networks tend to include a large number of legacy systems that were not designed for modern security controls. Further, it’s common to find multiple different proprietary operating systems. This makes it more difficult to effectively monitor the network and detect signs of intrusion and malicious activity.  

Attackers can exploit connectivity between IT and OT systems, using IT breaches as stepping stones to disrupt critical operations, while also using the visibility gaps to avoid detection.  

Budget priorities must shift towards OT security 

Despite the rising threat to OT environments, cybersecurity budgets have traditionally focused on IT security, leaving industrial systems vulnerable. This must change in the year ahead, and budget trends must shift to favour OT-specific investments if organisations are to defend against nation-states and other advanced threats. 

Key investment areas should include both OT-specific threat detection and intrusion prevention systems and network segmentation to limit lateral movement in case of a breach. It’s also important to implement secure remote access solutions to mitigate third-party risks from the expansive supply chains present in most critical sectors.  

Prioritising the budget for OT also needs to go beyond common vulnerabilities and exposures (CVEs) because there are just so many potential vulnerabilities out there. In a sample of 270 organisations, we found more than 111,000 known exploited vulnerabilities (KEVs) in OT devices – an impossible number to budget for. 

The key to making it manageable is to filter for public exploits linked to threat groups and insecure connectivity to find the most critical issues. From our sample, this reduced 111,000 to around 3,800 – creating a manageable, targeted remediation approach.  
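The filtering step described above, as an added Python illustration that is not Claroty’s tooling or code: it triages a constructed inventory of OT findings, keeping as top priority only KEVs with a public exploit linked to a threat group on devices with insecure connectivity, and puts everything else into lower tiers so the backlog stays ranked rather than discarded. Device names, vulnerability identifiers and threat-group labels are constructed placeholders.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability observed on one OT device (constructed data)."""
    device: str
    vuln_id: str                          # placeholder id, not a real CVE
    kev: bool                             # on a known-exploited-vulnerabilities list
    public_exploit: bool                  # exploit code is publicly available
    threat_groups: tuple = ()             # groups reported to use that exploit
    insecure_connectivity: bool = False   # e.g. reachable from IT or the internet


def tier(f: Finding) -> int:
    """1 = remediate now, 2 = schedule, 3 = track only."""
    group_linked = f.public_exploit and bool(f.threat_groups)
    # Tier 1: every criterion from the article holds at once.
    if f.kev and group_linked and f.insecure_connectivity:
        return 1
    # Tier 2: a KEV that is either group-linked or exposed, but not both.
    if f.kev and (group_linked or f.insecure_connectivity):
        return 2
    return 3


def triage(findings):
    """Bucket findings by tier; returns {1: [...], 2: [...], 3: [...]}."""
    buckets = {1: [], 2: [], 3: []}
    for f in findings:
        buckets[tier(f)].append(f)
    return buckets


# Constructed sample inventory; every field value is made up.
SAMPLE = [
    Finding("PLC-line1", "VULN-1", kev=True, public_exploit=True,
            threat_groups=("group-A",), insecure_connectivity=True),
    Finding("HMI-boiler", "VULN-2", kev=True, public_exploit=True,
            insecure_connectivity=True),
    Finding("RTU-sub3", "VULN-3", kev=True, public_exploit=False,
            threat_groups=("group-B",), insecure_connectivity=True),
    Finding("eng-ws", "VULN-4", kev=True, public_exploit=True,
            threat_groups=("group-A",)),
    Finding("hist-srv", "VULN-5", kev=False, public_exploit=True,
            threat_groups=("group-A",), insecure_connectivity=True),
    Finding("PLC-line2", "VULN-6", kev=True, public_exploit=False),
]

if __name__ == "__main__":
    buckets = triage(SAMPLE)
    for t in (1, 2, 3):
        print(f"tier {t}: {[f.device for f in buckets[t]]}")
```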

Equally important, any technology must be backed by close collaboration between IT and OT departments.

Bridging the IT-OT cultural divide is key 

OT management often remains heavily siloed from IT, even as the two sets of technology have become increasingly interconnected to facilitate better automation and remote access.  

The two fields also have different priorities. Historically, IT has focused on data confidentiality and access control, while OT is more concerned with delivering safety, uptime, and operational efficiency. These differing objectives often lead to resistance when implementing cybersecurity measures, particularly if stakeholders perceive them as disruptive to critical processes. 

To bridge this divide, organisations must actively seek to foster cross-functional collaboration between IT and OT teams. On an operational level, investing in OT-specific cybersecurity education can help teams understand emerging threats. 

CISOs play a crucial role in aligning these teams, ensuring that security controls enhance, rather than hinder, operational continuity. Companies that successfully embed cybersecurity into their organisational culture will be far better positioned to detect, mitigate, and respond to OT threats. 

Why IT-OT security task forces are the next step in cyber resilience 

One of the most effective ways to align OT security with the rest of the organisation is to establish joint IT-OT security task forces that report directly to the board. These groups can not only improve collaboration between the two environments, but also make it easier to raise OT security as a board-level issue. This level of stakeholder visibility can make it easier to secure dedicated resources for OT-specific threat detection, vulnerability management, and incident response. 

A well-structured IT-OT security task force should conduct regular risk assessments to identify vulnerabilities across converged environments, working together to implement solutions like network segmentation to contain potential breaches. It’s also important to develop OT-specific incident response plans to minimise downtime during attacks. 

Treating OT security as a business essential 

As state-sponsored threats escalate, OT security can no longer play second fiddle to IT. All organisations managing cyber-physical systems must ensure they prioritise investing in OT-specific protections in the year ahead, along with the education and collaboration needed to use them effectively.  

Those who take a proactive approach to OT security in 2025 have the best chance of foiling cyber adversaries intent on disrupting critical infrastructure as part of their geopolitical agenda.
