Lessons for New Zealand from the Fortinet 2025 State of OT Cybersecurity Report
Global OT security trends and what they mean for New Zealand organisations in 2025
Fortinet has released its 2025 State of Operational Technology and Cybersecurity Report, a global study of 550 OT professionals across industries including energy, healthcare, manufacturing, and logistics. The findings show that OT security is maturing worldwide, with responsibility increasingly elevated to the C-suite, intrusions declining among more mature organisations, and best practices such as vendor consolidation, threat intelligence, and segmentation proving effective. For New Zealand organisations operating critical infrastructure, these trends provide valuable lessons. Nextro has analysed the report and drawn out insights specific to the New Zealand market.
OT security rises to the boardroom
One of the strongest messages from the report is that responsibility for OT cybersecurity is shifting into executive leadership. More than half of organisations now place OT security under the Chief Information Security Officer, compared to just 16 percent in 2022. This evolution signals that OT is no longer seen as a siloed technical issue but as a matter of corporate governance, risk, and reputation.
Maturity is the key to fewer intrusions
The study shows a strong link between security maturity and resilience. Organisations at the highest levels of maturity reported far fewer breaches, with 65 percent of Level 4 organisations experiencing no intrusions in 2025. In contrast, those at lower maturity levels faced more frequent attacks, particularly phishing and ransomware. For New Zealand, the lesson is clear: investing in structured, process-driven security yields measurable reductions in risk.
Consolidation as a path to resilience
Another major shift is the consolidation of technology vendors. Nearly eight in ten organisations worldwide now work with only one to four OT vendors, reducing complexity and simplifying operations. For New Zealand organisations, where teams are often small and resources tight, adopting a platform approach can bring similar benefits. Integration and simplification reduce overheads while enhancing visibility and security outcomes.
Preparing for regulatory change
Two-thirds of survey participants expect new OT compliance requirements within the next five years, and many believe these changes will arrive much sooner. While New Zealand has not yet introduced stringent OT regulations, the global move towards frameworks such as IEC 62443 suggests it is only a matter of time. Local organisations that align early with international standards will be better prepared for regulatory pressure and more resilient in the face of scrutiny.
Managing the legacy challenge
Most OT devices in use globally are more than six years old, with many incapable of being patched. This situation mirrors the reality in New Zealand, where industrial infrastructure often relies on ageing systems. To protect these environments, organisations must adopt compensating measures such as segmentation, OT-specific monitoring, and virtual patching. These approaches extend the life of critical assets without leaving security gaps.
Lessons for New Zealand leaders
The Fortinet 2025 report demonstrates that maturity, consolidation, and proactive governance are transforming OT security globally. For New Zealand businesses, the takeaways are clear: elevate OT security into board-level discussions, pursue continuous improvement to reach higher maturity, reduce complexity through platform integration, and prepare for both regulatory and legacy challenges.
Contact Nextro today to discover how your organisation can strengthen long-term security maturity, streamline through vendor consolidation, prepare for upcoming regulatory change, and manage the risks of legacy systems.