Fortinet Releases 2025 State of Operational Technology and Cybersecurity Report Highlighting Advances in OT Security Maturity and C-Suite Responsibility

Fortinet's 2025 report reveals improved OT cybersecurity maturity and executive accountability, highlighting best practices for enhanced security.

Quiver AI Summary

Fortinet has released its 2025 State of Operational Technology and Cybersecurity Report, revealing significant progress in operational technology (OT) cybersecurity maturity among organizations. The report highlights a growing trend of corporate responsibility for OT security being elevated to executive levels, with 52% of organizations now assigning OT accountability to the CISO or CSO. Self-reported OT security maturity has improved, correlating with a reduction in the impact of cyber intrusions. Organizations that adopt cybersecurity best practices, such as improved training and vendor consolidation, have reported a decrease in incidents like business email compromise. The report provides actionable insights for strengthening security postures, emphasizing the importance of visibility, network segmentation, and integrating OT into overall security operations.

Potential Positives

Fortinet's report shows a significant increase in organizations assigning responsibility for operational technology (OT) security to senior executives, with over half (52%) of organizations now reporting that the CISO/CSO is responsible for OT, reflecting heightened awareness and prioritization of cybersecurity at the board level.
The report highlights a positive trend in the maturity of OT cybersecurity, with self-reported maturity levels improving and a notable decrease in operational outages that impact revenue, falling from 52% to 42% for impacted organizations.
Fortinet's solutions are demonstrated to enhance cyber resilience, as indicated by a 93% reduction in cyber incidents at remote OT sites through unified networking and security, showcasing the effectiveness of their offerings in mitigating risks.

Potential Negatives

Although the report shows an increase in OT security responsibility at the C-suite level, it also indicates that nearly half of organizations still experienced impacts from intrusions, highlighting a persistent vulnerability in their cybersecurity posture.
Despite some organizations reporting progress in OT security maturity, the mention of advanced persistent threats (APTs) and OT malware being difficult to detect raises concerns about the adequacy of current security measures.
The significant decrease in the number of OT device vendors may suggest a consolidation that could potentially limit diversity and innovation in OT security solutions for organizations relying solely on a few vendors.

FAQ

What are the key findings from Fortinet's 2025 OT Cybersecurity Report?

The report highlights increased C-suite responsibility for OT security, improvements in security maturity, and a drop in intrusion impacts.

How is OT security evolving in organizations?

Organizations are integrating OT security under CISO leadership, recognizing its importance at the board level with a growing commitment to maturity.

What best practices can improve OT cybersecurity?

Establishing visibility, deploying segmentation, and integrating OT into SecOps are recommended best practices to enhance cybersecurity in OT environments.

How does cybersecurity maturity affect intrusion impact?

Higher OT security maturity correlates with fewer attacks and better responses to low-sophistication threats, reducing operational disruption.

What trends are emerging in vendor consolidation for OT security?

More organizations are consolidating OT vendors, with 78% now using one to four vendors, indicating maturity and operational efficiency improvements.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$FTNT Congressional Stock Trading

Members of Congress have traded $FTNT stock 5 times in the past 6 months. Of those trades, 2 have been purchases and 3 have been sales.

Here’s a breakdown of recent trading of $FTNT stock by members of Congress over the last 6 months:

REPRESENTATIVE JEFFERSON SHREVE sold up to $50,000 on 05/12.
REPRESENTATIVE DAN NEWHOUSE sold up to $15,000 on 04/11.
REPRESENTATIVE BYRON DONALDS has traded it 2 times. They made 2 purchases worth up to $30,000 on 02/13 and 0 sales.
REPRESENTATIVE ROBERT BRESNAHAN sold up to $15,000 on 01/13.

To track congressional stock trading, check out Quiver Quantitative's congressional trading dashboard.

$FTNT Insider Trading Activity

$FTNT insiders have traded $FTNT stock on the open market 35 times in the past 6 months. Of those trades, 2 have been purchases and 33 have been sales.

Here’s a breakdown of recent trading of $FTNT stock by insiders over the last 6 months:

KEN XIE (PRESIDENT & CEO) has made 0 purchases and 17 sales selling 455,966 shares for an estimated $45,947,596.
MICHAEL XIE (VP, ENGINEERING & CTO) has made 0 purchases and 7 sales selling 330,330 shares for an estimated $32,455,790.
KEITH JENSEN (Chief Financial Officer) has made 0 purchases and 6 sales selling 41,160 shares for an estimated $4,596,626.
KENNETH A GOLDMAN has made 0 purchases and 2 sales selling 3,000 shares for an estimated $299,320.
CHRISTIANE OHLGART (Chief Financial Officer) sold 1,164 shares for an estimated $121,883
WILLIAM H. NEUKOM has made 2 purchases buying 663 shares for an estimated $69,789 and 0 sales.

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$FTNT Hedge Fund Activity

We have seen 678 institutional investors add shares of $FTNT stock to their portfolio, and 533 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

T. ROWE PRICE INVESTMENT MANAGEMENT, INC. removed 6,292,564 shares (-93.1%) from their portfolio in Q1 2025, for an estimated $605,722,210
VANGUARD GROUP INC added 3,546,934 shares (+5.2%) to their portfolio in Q1 2025, for an estimated $341,427,866
PRICE T ROWE ASSOCIATES INC /MD/ removed 3,463,766 shares (-30.9%) from their portfolio in Q1 2025, for an estimated $333,422,115
DZ BANK AG DEUTSCHE ZENTRAL GENOSSENSCHAFTS BANK, FRANKFURT AM MAIN added 2,495,357 shares (+12560.9%) to their portfolio in Q1 2025, for an estimated $240,203,064
BLACKROCK, INC. added 1,985,703 shares (+3.5%) to their portfolio in Q1 2025, for an estimated $191,143,770
D. E. SHAW & CO., INC. removed 1,797,545 shares (-41.1%) from their portfolio in Q1 2025, for an estimated $173,031,681
AQR CAPITAL MANAGEMENT LLC added 1,733,670 shares (+40.9%) to their portfolio in Q1 2025, for an estimated $166,883,074

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$FTNT Analyst Ratings

Wall Street analysts have issued reports on $FTNT in the last several months. We have seen 8 firms issue buy ratings on the stock, and 1 firms issue sell ratings.

Here are some recent analyst ratings:

Rosenblatt issued a "Buy" rating on 06/17/2025
Wedbush issued a "Outperform" rating on 05/08/2025
Keybanc issued a "Overweight" rating on 05/08/2025
Scotiabank issued a "Sector Outperform" rating on 05/08/2025
Morgan Stanley issued a "Overweight" rating on 04/16/2025
Goldman Sachs issued a "Buy" rating on 02/07/2025
Piper Sandler issued a "Overweight" rating on 02/07/2025

To track analyst ratings and price targets for $FTNT, check out Quiver Quantitative's $FTNT forecast page.

$FTNT Price Targets

Multiple analysts have issued price targets for $FTNT recently. We have seen 22 analysts offer price targets for $FTNT in the last 6 months, with a median target of $106.5.

Here are some recent targets:

Catharine Trebnick from Rosenblatt set a target price of $125.0 on 06/17/2025
Daniel Ives from Wedbush set a target price of $120.0 on 05/08/2025
Roger Boyd from UBS set a target price of $105.0 on 05/08/2025
Dan Bergstrom from RBC Capital set a target price of $105.0 on 05/08/2025
Eric Heath from Keybanc set a target price of $115.0 on 05/08/2025
Patrick Colville from Scotiabank set a target price of $115.0 on 05/08/2025
Andrew Nowinski from Wells Fargo set a target price of $95.0 on 05/08/2025

Full Release

SUNNYVALE, Calif., July 09, 2025 (GLOBE NEWSWIRE) -- Fortinet ® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the findings from its global 2025 State of Operational Technology and Cybersecurity Report . The results represent the current state of operational technology (OT) cybersecurity and highlight opportunities for continued improvement for organizations to secure an ever-expanding IT/OT threat landscape. In addition to trends and insights impacting OT organizations, the report offers best practices to help IT and OT security teams better secure their cyber-physical systems.

“The seventh installment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organizations are taking OT security more seriously. We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organizations self-reporting increased rates of OT security maturity,” said Nirav Shah, Senior Vice President, Products and Solutions, at Fortinet. “Alongside these trends, we’re seeing a decrease in the impact of intrusions in organizations that prioritize OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations.”

Key findings from the global survey include:

Responsibility for OT security continues to elevate within executive ranks: There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives. As accountability continues to shift into executive leadership, OT security is elevated to a high-profile issue at the board level. The top internal leaders who influence OT cybersecurity decisions are now most likely to be the CISO or CSO by an increasingly wide margin. Now more than half (52%) of organizations report that the CISO/CSO is responsible for OT, up from 16% in 2022. For all C-suite roles, this has spiked to 95%. Additionally, the number of organizations intending to move OT cybersecurity under CISO in the next 12 months has increased from 60% to 80% in 2025.

OT cybersecurity maturity is affecting the impact of intrusions: Self-reported OT security maturity has made notable progress this year. At the basic Level 1, 26% of organizations report establishing visibility and implementing segmentation, up from 20% in the previous year. The largest number of organizations state their security maturity is at the Level 2 access and profiling phase. The report also found a correlation between maturity and attacks. Those organizations that report being more mature (higher of Levels 0–4) are seeing fewer attacks or indicate that they are better able to handle lower-sophistication tactics, such as phishing. It’s worth noting that some tactics, such as advanced persistent threats (APT) and OT malware, are difficult to detect, and less mature organizations may not have the security solutions in place to determine they exist. Overall, although nearly half of organizations experienced impacts, the impact of intrusions on organizations is declining, with a noteworthy reduction in operational outages that impacted revenue, which dropped from 52% to 42%.

Adopting cybersecurity best practices is having a positive impact: In addition to the Levels of maturity affecting the impact of intrusions, it appears that adopting best practices such as implementing basic cyber hygiene and better training and awareness are having a real impact, including a significant drop in business email compromise. Other best practices include incorporating threat intelligence, which spiked (49%) since 2024. Additionally, the report saw a significant decrease in the number of OT device vendors, which is a sign of maturity and operational efficiency. More organizations (78%) are now using only one to four OT vendors, which indicates that many of these organizations are consolidating vendors as part of their best practices. Cybersecurity vendor consolidation is also a sign of maturity and corresponds to Fortinet customer experiences with the Fortinet OT Security Platform. Unified networking and security at remote OT sites enhanced visibility and reduced cyber risks, leading to a 93% reduction in cyber incidents vs. a flat network. The simplified Fortinet solutions also led to a 7x improvement in performance through reductions in triage and setup. ¹

Best Practices
Fortinet’s global 2025 State of Operational Technology and Cybersecurity Report provides actionable insights for organizations to strengthen their security posture. Organizations can address OT security challenges by adopting the following best practices:

Establish visibility and compensating controls for OT assets: Organizations need the ability to see and understand everything that’s on their OT networks. Once visibility is established, organizations then need to protect critical devices and ones that may be vulnerable, which requires protective compensating controls that are designed for sensitive OT devices. Capabilities such as protocol-aware network policies, system-to-system interaction analysis, and endpoint monitoring can detect and prevent compromise of vulnerable assets.
Deploy segmentation: Reducing intrusions requires a hardened OT environment with strong network policy controls at all access points. This kind of defensible OT architecture starts with creating network zones or segments. Standards such as ISA/IEC 62443 specifically call for segmentation to enforce controls between OT and IT networks and between OT systems. Teams should also evaluate the overall complexity of managing a solution and consider the benefits of an integrated or platform-based approach with centralized management capabilities.
Integrate OT into security operations (SecOps) and incident response planning: Organizations should be maturing toward IT/OT SecOps. To get there, OT needs to be a specific consideration for SecOps and incident response plans, largely because of some of the distinctions between OT and IT environments, from unique device types to the broader consequences of an OT breach impacting critical operations. One key step in this direction is to have playbooks that include your organization’s OT environment. This kind of advanced preparation will foster better collaboration across IT, OT, and production teams to adequately assess cyber and production risks. It can also ensure that the CISO has proper awareness, prioritization, budget, and personnel allocations.
Consider a platform approach to your overall security architecture: To address rapidly evolving OT threats and an expanding attack surface, many organizations have assembled a broad array of security solutions from different vendors. This has yielded an overly complex security architecture that inhibits visibility while placing an increased burden on limited security team resources. A platform-based approach to security can help organizations consolidate vendors and simplify their architecture. A robust security platform with specific capabilities for both IT networks and OT environments can provide solution integration for improved security efficacy while enabling centralized management for enhanced efficiency. Integration can also provide a foundation for automated responses to threats.
Embrace OT-specific threat intelligence and security services: OT security depends on timely awareness and precise analytical insights about imminent risks. A platform-based security architecture should also apply AI-powered threat intelligence for near-real-time protection against the latest threats, attack variants, and exposures. Organizations should ensure their threat intelligence and content sources include robust, OT-specific information in their feeds and services.

Report Overview

The Fortinet 2025 State of Operational Technology and Cybersecurity Report is based on data from a global survey of more than 550 OT professionals, conducted by a third-party research company.
Survey respondents were from different locations around the world, including Australia, New Zealand, Argentina, Brazil, Canada, Mainland China, Colombia, Denmark, Egypt, France, Germany, Hong Kong, India, Indonesia, Israel, Italy, Japan, Malaysia, Mexico, Norway, Philippines, Poland, Portugal, Singapore, South Africa, South Korea, Spain, Taiwan, Thailand, United Kingdom, and the United States, among others.
Respondents represent a range of industries that are heavy users of OT, including: manufacturing, transportation/logistics, healthcare/pharma, oil, gas, and refining, energy/utilities, chemical/petrochemical, and water/wastewater.
Most of those surveyed, regardless of title, are deeply involved in cybersecurity purchasing decisions. Many respondents are responsible for operations technology at their organization and/or have reporting responsibility for manufacturing or plant operations.

Additional Resources

Read the full report to learn more about the state of OT security in 2025.
Learn more about Fortinet’s OT Security Solutions .
Listen to the webinar on August 7 for more insights on the report findings.
Visit fortinet.com/trust to learn more about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
Learn more about Fortinet's commitment to product security and integrity , including its responsible product development and vulnerability disclosure approach and policies.
Read about how Fortinet customers are securing their organizations.
Follow Fortinet on X , LinkedIn , Facebook , and Instagram . Subscribe to Fortinet on our blog or YouTube .

¹ Fortinet, Fortinet OT Security Platform Customer Success Stories , November 5, 2024.

About Fortinet
Fortinet (Nasdaq: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute , one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs , Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com , the Fortinet Blog , and FortiGuard Labs .

Copyright © 2025 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAgent, FortiAI, FortiAIOps, FortiAgent, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiCNP, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortiDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiDLP, FortiEdge, FortiEDR, FortiEndpoint FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPAM, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiScanner, FortiSDNConnector, FortiSEC, FortiSIEM, FortiSMS, FortiSOAR, FortiSRA, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM, FortiXDR and Lacework FortiCNAPP. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.