Industrial cybersecurity is accelerating, and in 2025, three key trends are shaping how organizations must prepare. From regional disparities in cyber maturity to the convergence of IT and OT security, industrial companies will need to up their game when it comes to protecting their operations. Here’s my forecast for the year ahead.
When it comes to cybersecurity, some markets are simply more mature than others – and this often has to do with the cyber threat level they have faced over time.
Markets like the U.S. and the Middle East have invested heavily in security tools and frameworks to combat perceived threats. These implementations have helped strengthen their resilience, but have also created a new challenge: data overload. Intrusion detection systems, network monitoring, and other cyber security tools generate vast amounts of data, but making sense of all this data can be problematic. In these markets, I predict that we will see a shift away from simply acquiring more security tools, and rather, the focus will be on the ability to extract actionable insights from existing systems.
In European markets, I see a massive push towards solidifying those foundational security defenses that are increasingly needed, especially given the current geopolitical climate. As investment into those defenses grows, companies will increasingly seek out guidance on how to get started. In these discussions, the question of risk acceptance will be key, which centers on how comfortable leaders are with their current level of vulnerability. Providers that can demystify these risks and help organizations prioritize their cybersecurity investments will be invaluable.
Let Omny help you interpret your data and understand how to act upon it.
The implementation of NIS2 (the EU’s Network and Information Systems Directive) will gain traction in 2025, as member countries translate it into local law. While its full impact will unfold gradually, industrial companies must start aligning with new requirements, which now notably include their extended supply chains. From my perspective, NIS2 isn’t just about compliance, but rather about fostering a culture of cybersecurity throughout the ecosystem in which you operate.
We may not see immediate, sweeping changes from NIS2 in 2025, but the companies that proactively adapt to new and emerging requirements stand a better chance of building trust with customers and partners and will exhibit greater resilience when a threat strikes. It’s important to keep an eye on how enforcement develops, as using NIS2 as a starting point for security improvements will be essential.
The convergence of IT and OT systems is no longer a future concept; it’s happening right now. Driven by digitalization, industrial operations are connecting more devices and processes, which is breaking down the traditional silos between IT and OT. This convergence means Chief Information Security Officers (CISO) are increasingly responsible for OT security, necessitating greater collaboration between IT and operational teams.
In 2025, you can expect to see more organizations rethinking their structures to support this integration. Satellite security roles embedded in operational sites or cross-functional network engineering teams will become more common. Success will depend on adopting IT security practices in ways that respect the unique demands of OT environments.
Omny’s expertise in bridging IT and OT can support this shift, helping teams apply security measures more effectively across domains.