Top 10 OT Cybersecurity Predictions to Watch

Predictions are easy to make and hard to get right. These are not predictions based on trend extrapolation or vendor marketing. They are based on what InnoVAKT sees in the field — across refineries, power plants, water utilities, manufacturing floors, and building management systems — and on the threat intelligence from Dragos, Mandiant, CISA, and ICS-CERT.

1. Ransomware Has Won — And It Is Getting Worse

Manufacturing has been the most ransomware-targeted sector for five consecutive years (IBM X-Force). Dragos reports 3,300 industrial ransomware incidents in 2025 alone — an 87% increase. Ransomware groups have learned that OT environments pay faster because production pressure makes downtime unbearable. Every hour a production line is down, the business case for paying the ransom gets stronger. This dynamic is not changing.

2. Nation-States Are Inside Your Infrastructure

Volt Typhoon — a China-linked group — maintained access to US critical infrastructure for over five years. CISA’s joint advisory was unambiguous: this activity is ‘not consistent with espionage.’ The implication is pre-positioning for potential disruption during a geopolitical crisis. VOLTZITE maintained a 300-day breach of a utility’s OT network. If you operate critical infrastructure, assume you are a target.

3. Safety Systems Are Now Direct Targets

TRITON proved that sophisticated actors will invest years developing malware specifically targeting Safety Instrumented Systems (SIS), the last automated defense against catastrophic failure. The TRITON techniques have been documented and the attackers indicted, but the capability is proliferating. Every organization with SIS must treat this as a permanent fixture of the threat landscape, not a one-time anomaly.

4. Cloud-Connected OT Is Expanding the Attack Surface

Building management platforms, cloud historians, remote monitoring services, and IIoT analytics all create internet-facing pathways into OT environments. Johnson Controls suffered $27M+ in losses from the Dark Angels ransomware attack on its cloud-connected building automation infrastructure. The convenience of cloud connectivity comes with an attack surface that most organizations have not fully assessed.

5. The Skills Gap Is a Crisis

Over 60% of organizations report a shortage of OT cybersecurity skills as their primary barrier to improving security. This gap is structural — there are not enough people with combined OT engineering and cybersecurity expertise. The response is two-fold: managed security services for operational coverage, and structured training programs (like InnoVAKT Academy) to build internal capability over time.

6. Regulatory Pressure Is Accelerating Globally

NIS2 in Europe, TSA Security Directives in the US, NCA ECC-1:2018 in the Middle East, SOCI in Australia, and new EPA guidance for water utilities are expanding mandatory OT cybersecurity requirements. Compliance is no longer optional for critical infrastructure operators. The organizations that get ahead of regulatory requirements spend less than those that scramble to comply after enforcement begins.

7. Zero Trust Is Coming to OT — Differently

Zero-trust principles are being applied in OT through zone-based segmentation, controlled access points, passive monitoring, and integrity validation. The implementation differs fundamentally from IT zero trust because PLCs do not authenticate, Modbus does not encrypt, and adding latency to safety system communications is not an option. But the direction of travel is clear.
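As an added illustration (not InnoVAKT code), the sketch below shows how passive monitoring can enforce a zone policy on Modbus/TCP without touching the PLCs: it parses the MBAP header of observed requests and flags function codes that a source zone is not allowed to use. The subnets, zone names, policy and sample traffic are constructed assumptions.

```python
import ipaddress
import struct

# Constructed zone model (assumption): subnets and zone names are illustrative.
ZONES = {"control": ipaddress.ip_network("10.10.1.0/24"),      # PLCs, engineering workstation
         "supervisory": ipaddress.ip_network("10.10.2.0/24")}  # read-only historian
READ_CODES = {1, 2, 3, 4}
WRITE_CODES = {5, 6, 15, 16, 22, 23}
# Conduit policy: function codes each (source zone, destination zone) pair may use.
POLICY = {("control", "control"): READ_CODES | WRITE_CODES,
          ("supervisory", "control"): READ_CODES}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def parse_adu(payload):
    """Return (unit_id, function_code) from a Modbus/TCP request, or None if malformed."""
    if len(payload) < 8:  # 7-byte MBAP header plus the function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length < 2 or len(payload) < 6 + length:
        return None
    return unit, payload[7]

def check_request(src, dst, payload):
    """Classify one passively observed request against the conduit policy."""
    parsed = parse_adu(payload)
    if parsed is None:
        return "malformed"
    unit, fc = parsed
    sz, dz = zone_of(src), zone_of(dst)
    if fc in POLICY.get((sz, dz), set()):
        return "ok"
    kind = "write" if fc in WRITE_CODES else "read" if fc in READ_CODES else "other"
    return f"violation: {sz}->{dz} unit={unit} fc={fc} ({kind})"

def adu(fc, data, unit=1, tid=1):  # builds a constructed sample request
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, fc) + data

# Constructed sample traffic: (source IP, destination IP, TCP payload).
SAMPLES = [
    ("10.10.2.20", "10.10.1.5", adu(3, b"\x00\x00\x00\x0a")),    # historian reads registers
    ("10.10.2.20", "10.10.1.5", adu(6, b"\x00\x01\x00\xff")),    # historian writes a register
    ("192.168.50.9", "10.10.1.5", adu(1, b"\x00\x00\x00\x08")),  # host outside any zone
    ("10.10.1.10", "10.10.1.5", adu(16, b"\x00\x00\x00\x01\x02\x00\x2a")),  # workstation write
]
RESULTS = [check_request(*sample) for sample in SAMPLES]
```

Because Modbus itself carries no authentication, the source address and zone membership are the only identity available to this check, which is why it belongs on a monitored conduit between zones rather than inside a flat network.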

8. AI Cuts Both Ways

Generative AI is being applied to OT alert triage, threat intelligence analysis, and security policy generation. It is also being used by adversaries for reconnaissance, social engineering, and vulnerability discovery. AI makes defenders faster and attackers smarter at the same time. The advantage goes to whoever deploys it more effectively.

9. Supply Chain Attacks Will Escalate

The SolarWinds, Kaseya, MOVEit, and 3CX compromises demonstrated that supply chain attacks affect thousands of organizations simultaneously. OT supply chains are particularly vulnerable due to the deep trust relationships among asset owners, system integrators, and equipment vendors. InnoVAKT’s vendor management framework, embedded in our GoSecure™ assessments, addresses this growing attack vector.

10. The IT/OT Convergence Cannot Be Reversed

Digitalization, remote operations, cloud analytics, and workforce expectations are permanently dissolving the boundary between IT and OT. Organizations that resist convergence fall behind operationally. Organizations that embrace it without security governance create the conditions for catastrophic compromise. The only viable path is managed convergence with security built into the architecture from the ground up.

These trends are not future risks. They are current realities. The question is not whether your organization will face them — it is whether you will face them prepared.
