As the number of connected operational technology (OT) and industrial control systems (ICS) continues to grow rapidly through 2025, enterprise security teams must confront a handful of key trends if they hope to keep pace with the corresponding risks.
By 2028, the number of devices connected to the internet is expected to reach 35 billion. That's up from 13 billion just two years ago. The global OT security market is projected to grow from nearly $21 billion in 2024 to $45 billion by 2029—a growth rate that underscores the steep cybersecurity challenges facing critical infrastructure.
In this post, we examine the key trends most pressing for those charged with securing OT/ICS technologies this year.
Governments worldwide are expected to strengthen cybersecurity regulations with specific requirements for OT security. Sector-specific security directives will likely expand beyond energy and transportation to other industrial sectors such as water, food and beverage, and pharmaceuticals. Key regulations and initiatives will impact critical infrastructure cybersecurity in the U.S., E.U., and Asian nations in 2025.
Within the United States, the final rule for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is expected to be published later this year. In April 2024, CISA published its Notice of Proposed Rulemaking regarding CIRCIA, and when finalized, CIRCIA will require critical infrastructure operators to report specific cybersecurity incidents to federal agencies. The rule is expected to enable CISA to more rapidly deploy resources to help cyberattack victims, identify broad industry and cross-industry attack trends, and provide defenders with timely warnings.
The US also passed the Executive Order on Port Cybersecurity in 2024, which will affect critical infrastructure operators this year. The order strengthens cybersecurity measures for US ports and maritime infrastructure. Finally, the EPA Cybersecurity Requirements for Water Systems Mandates aim to help enhance the cybersecurity of operational technology involved in producing and distributing safe drinking water.
Each of these actions by the federal government will increase scrutiny of critical infrastructure cybersecurity efforts. Jeff Le, VP of global government affairs and public policy at SecurityScorecard and former deputy cabinet secretary for the State of California focused on cyber, emerging technology, and homeland security matters, said he expects the incoming administration to continue the federal government's focus on rural community security and critical infrastructure.
"The Trump administration has signaled a priority to focus on securing water facilities and building capacity. This may also include broader rural community priorities in energy and healthcare that enjoys bipartisan support. The incoming administration and industry may collaborate deeper in providing low-cost or pro bono services and tools to these entities in the new year," Le said.
In addition to steps taken by the U.S. federal government, there's also increased focus on the critical infrastructure within EMEA. For instance, there is increasing scrutiny regarding critical infrastructure security with the EU's NIS2 Directive, which covers network and information systems that provide essential services. At the same time, Singapore's Operational Technology Cybersecurity Masterplan (which went into effect in August) is, as the name implies, a comprehensive strategic blueprint designed to enhance the nation's OT security.
These regulatory enhancements will, optimistically, increase the focus on building resiliency into OT/ICS and, as the regulations continue to evolve, hopefully create more OT/ICS cybersecurity regulatory harmonization across the globe.
As new devices continue to come online, they continue to transform industrial environments into an interconnected web of sensors and actuators. Every new device is potentially a new entry point for threat actors. We're seeing critical infrastructure sectors increasingly digitized, with IIoT spending projected to hit an eye-opening $500 billion.
While these investments aim to unlock unprecedented levels of efficiency and innovation, they also increase society's attack surface. If these incremental risks are not correctly managed, the dangers of broad digital disruptions will increase.
"The question isn't just about how many devices we can connect, but how we can secure these systems without stifling the innovation that drives it," says Michel Ruiz, general manager of cyber innovation at Honeywell Connected Enterprise.
Throughout 2025, OT/ICS cybersecurity defenders will increasingly rely on AI to further enhance and automate their security defenses. AI will augment existing threat detection and response capabilities by analyzing vast amounts of network traffic, behavior patterns, and system logs in real time, identifying anomalies and malicious activities that are often difficult to detect through traditional methods.
Cybersecurity teams will leverage AI for predictive analytics, forecasting potential risks before they materialize and enabling proactive risk management strategies.
"AI can analyze vast amounts of data in real-time, identifying anomalies and potential threats faster than traditional methods. For example, AI-driven tools can detect behavioral anomalies in OT environments that might indicate a cyberattack, even when these behaviors mimic normal IT patterns," says Ruiz.
However, integrating AI in OT cybersecurity will also present challenges, such as the need for robust AI governance frameworks, cross-sector defense networks, and human-AI collaboration protocols to maintain meaningful control and accountability.
With increased breaches and regulatory risks, cybersecurity will remain a top concern. It will require CISOs to work more closely with CIOs and other top executives to help manage cross-business risk prioritization and mitigation.
Recent SEC cybersecurity scrutiny has also increased board-level cybersecurity oversight and CISO accountability, calling for closer alignment between cybersecurity leadership and top executives.
For instance, Deloitte Global's Global Future of Cyber Survey of about 1,200 cyber decision-makers across 43 countries found that 20% of businesses now have their CISOs reporting directly to CEOs. That's up from 14% in 2023. This trend is expected to continue as companies adapt to evolving risks.
Chris Warner, senior security consultant for OT governance risk and compliance at GuidePoint Security, says he sees a burgeoning trend toward CISOs with specialized experience and skills in OT environments.
"The role of the CISO often needs more authority or expertise for OT environments, where asset owners have unique operational priorities," said Warner. "To address this, we're beginning to see the emergence of specialized OT virtual CISOs or field OT CISOs that bridge the gap between traditional cybersecurity leadership and the distinct needs of operational technology. This evolution is crucial as asset owners and consultants continue establishing governance and evaluating organizational structures, people, processes, and technologies to align them with the shifting threat landscape and regulatory expectations," Warner added.
This year, security professionals will continue prioritizing several areas of their cybersecurity programs to manage risk better. This includes continued work toward implementing zero-trust architectures and investments toward advanced segmentation and continuous monitoring of OT networks. Security teams will also prioritize the modernization of legacy systems, particularly those reaching end-of-life, to reduce vulnerabilities.
Kurt Osburn, director at NCC Group, said that security professionals are focusing on securing legacy systems that may not be easily updated, improving firewall implementations, and conducting regular risk assessments in ICS environments. "The goal is to address vulnerabilities unique to ICS while ensuring minimal disruption to operations," Osburn said.
To succeed, collaboration across IT and OT teams will be crucial, with unified security operations centers being established to monitor both physical and digital assets comprehensively.
As with most recent years, 2025 will also bring unforeseen (but foreseeable) data breaches and cybersecurity incidents—hopefully, the increased maturity and investments will provide more defense-in-depth and protect critical infrastructure against threats.
George V. Hulme is an award-winning journalist and internationally recognized information security and business technology writer. He has covered business, technology, and IT security topics for more than 20 years. His work has appeared in CSOOnline, ComputerWorld, InformationWeek, Security Boulevard, and dozens of other technology publications. He is also a founding editor at DevOps.com.