A new Forrester study commissioned by Schneider Electric has found that 91% of critical infrastructure organisations experienced at least one operational technology (OT) cyber breach in the past 18 months, despite existing security measures.
The survey of 262 OT security decision-makers across North America, EMEA, APAC, and South America highlights the scale of the problem. One-third of respondents reported suffering between four and six breaches, while 11% experienced between seven and ten. The consequences were significant: 53% cited reputational harm, 51% reported service interruptions, 49% suffered revenue loss, and 41% faced regulatory penalties.
Schneider Electric’s President of Cybersecurity Solutions, Jay Abdallah, said the figures show the need for faster action: “Modern cyber incidents have impacts that surpass purely technical interruptions. They erode trust, disrupt operations, and threaten financial stability. To close the widening OT cybersecurity gap, organisations must combine internal capabilities with external partnerships that bring specialised, operationally aware expertise”.
Forrester’s data underlines those capability gaps. Only 40% of organisations had 24/7 monitoring in place for OT cyber threats. Two-thirds lacked full visibility across connected OT assets and systems, while 71% admitted their OT environments were vulnerable entry points into wider networks. Worryingly, more than half said they still relied on IT security practices for OT — a mismatch that often undermines equipment performance and fails to address OT-specific risks.
The report points to “Secure by Operations” as a necessary evolution beyond traditional “Secure by Design” principles. This approach emphasises continuous monitoring, patching, configuration management, and defined shared responsibilities between technology providers, integrators, and asset owners. Three-quarters of respondents said adopting these principles was critical to mitigating future OT attacks, with reported benefits including faster recovery times, reduced capital expenditure, and improved reputation.
The findings echo a wider pattern across industrial sectors. OT systems — once air-gapped and isolated — are now deeply interconnected through digitalisation initiatives, exposing them to a threat landscape more familiar to enterprise IT. The study suggests that while boards recognise the risks, execution lags. Many businesses lack internal expertise, with half turning to managed security service providers to fill the gap.
Cybersecurity in critical infrastructure has become less about whether an attack will occur and more about resilience and recovery when it does. Forrester’s research points to a future in which continuous oversight and operationally tailored security, rather than perimeter defences, will define competitiveness as much as compliance.
