Manufacturers are increasingly allocating cybersecurity budgets to operational technology (OT), emphasizing governance and resilience through frameworks such as ISA/IEC 62443 and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This reallocation arises from escalating cyber threats, stricter regulatory requirements, and greater supply chain risk awareness.
Recent trends show industrial firms moving from reactive patching to more strategic cybersecurity initiatives specific to OT environments. A 2025 SANS Institute survey reports that 81% of industrial organizations devote less than half of their cybersecurity spending to OT security, but this disparity is gradually narrowing as industry knowledge increases. Mark Stacey, strategy director at Dragos, notes that current investments target risk-based programs encompassing threat detection, asset visibility, incident response, and business continuity. Insurers are now requiring evidence of OT controls before policy renewals. Additionally, 55% of organizations increased OT security budgets over the past two years, with 23% indicating significant growth, according to James Winebrenner, CEO of Elisity.Citations available.
