75% Of Critical Infrastructure Organizations Endorse 'Secure By Operations' Strategy To Defend Against OT Cyberattacks

• Nine in ten critical infrastructure organizations hit by OT attacks in the past 18 months
• One-third of those suffered 4-6 attacks in the last 18 months due to limited visibility and capabilities
• 11% experienced between 7-10 breaches despite existing security measures

A newly commissioned global study of over 250 global Operational Technology (OT) critical infrastructure security decision-makers^[1], conducted by Forrester Consulting on behalf of Schneider Electric, reveals that 91% of global organizations experienced at least one OT breach or failure in the past 18 months, even with security measures in place. These incidents led to service interruptions (51%), revenue loss (49%), and reputational damage (53%).

Roughly seven in ten global critical infrastructure security decision-makers said they were concerned about their ability to protect their organization; six in ten questioned their capabilities to detect an OT cyberattack.

The study highlights a critical gap: 51% still rely on traditional information technology (IT) practices to secure OT environments and only 40% have 24/7 monitoring in place for OT cyber threats.

Other key findings suggest that implementing ‘Secure by Operations’ principles^[2] – the practice of embedding cybersecurity into complex, mixed-technology operational environments with an emphasis on proactive, continuous cybersecurity post-deployment – could significantly improve OT security for critical infrastructure:

• 75% of respondents agree that ‘Secure by Operations’ ­strategies are likely instrumental in mitigating future OT cyberattacks.
• Organizations that have adopted these principles report up to 53% faster recovery time and a 51% reduction in capital expenditure (CapEx).
• Nearly half of respondents indicate potential gains in company reputation (50%), operational efficiency (45%), and regulatory compliance (44%).

The study points out that many critical infrastructure operations teams lack the strategy and solution capabilities needed to protect their OT environments. Managed security service providers (MSSPs) can help organizations augment their current security practices by providing solution capabilities, staffing, and expertise needed for securing and monitoring OT environments, maintaining compliance, and managing response and recovery services.

Jay Abdallah, President, Cybersecurity Solutions, Schneider Electric, commented: “These figures show that while cybersecurity risk is well recognized, the pace of action to mitigate it must accelerate. Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability. To close the widening OT cybersecurity gap, organizations must combine internal capabilities with external partnerships that bring specialized, operationally aware expertise. Securing the effective integration between IT and OT environments is critical - not only to strengthen an organization’s security posture, but also to drive industrial competitiveness by enabling smarter, more efficient operations.”

As the threat landscape evolves, 'Secure by Design' principles must be supported by secure deployment guidelines and configurations when integrating technology into end-user environments. Ongoing maintenance and oversight throughout the technology lifecycle should follow 'Secure by Operations' practices.

About Schneider Electric
Schneider’s purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. At Schneider, we call this Life Is On.

Our mission is to be the trusted partner in Sustainability and Efficiency.

We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitalization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers.

We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all.

For more information, visit www.se.com

^[1]This commissioned study of 262 global OT critical infrastructure security decision-makers was conducted by Forrester Consulting on behalf of Schneider from April 2025 and surveyed security leaders across North America, EMEA, APAC, and South America. The study was completed in June and first released in September 2025. Industries represented include critical infrastructure operators, asset owners, OEMs and government authorities.

^[2]‘Secure by Operations’ is the practice of implementing cybersecurity into complex, mixed-technology operational environments. It goes beyond the protections offered by technology vendors through ‘Secure by Design’ principles by focusing on secure implementation, configuration, and ongoing maintenance, with clearly defined responsibilities for technology providers, system integrators, and asset owners.