44% of Industrial Organizations Claim to Have Real-Time Cyber Visibility, but Nearly 60% Can't Reliably Detect OT/IoT Threats

Forescout’s Industrial Cybersecurity Benchmark 2025 Reveals Overconfidence in Critical Infrastructure Security

Forescout, a global cybersecurity leader, today released findings from the Global Industrial Cybersecurity Benchmark 2025, an international study conducted by Takepoint Research and sponsored by Forescout, that revealed some stark disconnects. The research found that 44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat detection capabilities.

Download the full report

The Industrial Cybersecurity Benchmark 2025 surveyed 236 operational technology and automation leaders to identify their key challenges, maturity gaps and strategic priorities as risks to industrial organizations rise. Rapid digitalization has increased connectivity across devices, transforming industrial environments — which in turn increases cyber risk. Rising geopolitical tensions further compound these challenges, demanding more nuanced, strategic and integrated security approaches to protect critical assets while maintaining operations.

“Industrial leaders tell us that they’re under intense pressure to modernize operations while still relying on fragmented and outdated security technologies,” said Jonathon Gordon, Directing Analyst at Takepoint Research. “They recognize that incremental fixes aren’t enough — they need a unified security strategy that bridges IT and OT, backed by executive support and driven by automation.”

Key Findings:

• The Top Security Concern is Supply Chain Threats and Cybercriminal Activity:
  • 50% of organizations claim these are their top concern, far exceeding concerns about nation-state actors (8%) and zero-day vulnerabilities (9%).
  • This reflects a focus on tangible, near-term disruptions, rather than protection against long-term strategic risks that may be harder to detect but equally damaging over time.
• Most Organizations Are in Early Stages of OT Cybersecurity Maturity:
  • Only 17% of organizations report mature OT security practices, while 64% classify their maturity as foundational, characterized by manual processes and fragmented visibility and compensating controls.
  • An additional 19% identify their cybersecurity maturity as evolving.
• Remediation Timelines Expose Prolonged Risk:
  • Over 33% of organizations take more than 90 days to remediate threats
  • 63% take over 30 days due to insufficient metrics tracking, industrial maintenance constraints and a lack of automation to streamline response workflows.
• Widespread Tool Sprawl and Fragmentation Remains a Challenge:
  • 57% of organizations deploy more than three tools to monitor IT, OT and IoT environments.
  • This results in heightened risk from blind spots, alert fatigue, inconsistent insights and increased operational complexity.
• Critical Security Tasks Are Still Highly Manual and Time-Intensive:
  • Nearly half of organizations cite vulnerability prioritization (49%) and risk mitigation (44%) as the most laborious tasks.
  • This is further exacerbated by challenges with limited staffing and heavy manual workflows.

“Low confidence in OT and IoT threat detection is a warning signal, not just a statistic,” said Christina Hoefer, Vice President of OT/ IoT Vertical and Strategy, Forescout. “For industrial organizations managing complex, high-stakes environments, improving detection means visibility across all devices, monitoring OT networks and strategically investing in security controls that respect operational needs to reduce risks and enable effective incident response.”

Research Methodology

Takepoint Research conducted a global survey of 236 professionals responsible for securing OT environments in manufacturing, energy and utilities, transportation, government, and oil and gas organizations. The research was conducted between January and March 2025.

About Takepoint Research

Takepoint Research is a specialized analyst firm focused exclusively on industrial cybersecurity. Founded in 2016, Takepoint delivers practical, bias-free insights that help industrial organizations secure their operations and meet regulatory, resilience and productivity goals. Its analyst team, comprised of seasoned industry professionals, produces trusted guidance, blueprints and strategic assessments tailored to critical infrastructure and manufacturing environments. With a mission to bring clarity and strategic focus to the complex world of Industrial Cybersecurity, Takepoint Research equips stakeholders with the knowledge to act confidently and decisively.

About Forescout

For more than 20 years, Fortune 100 organizations, government agencies and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance and mitigate threats. The Forescout 4D platform™ delivers comprehensive asset intelligence, continuous assessment and ongoing control over all managed and unmanaged, agented and un-agentable assets across IT, OT, IoT, and IoMT environments. Forescout’s open platform makes every cybersecurity investment more effective with seamless data integrations and automated workflow orchestration across more than 100 security and IT products.

Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250625170239/en/

"Low confidence in OT and IoT threat detection is a warning signal, not just a statistic."