The risks for cyber-physical systems (CPS) continue to grow. This is shown in the new report ‘The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape’ by security specialist Claroty. According to the report, 49 per cent of security managers surveyed worldwide see increased risks for CPS and operational processes, driven primarily by geopolitical tensions and changes in global supply chains.

The survey of 1,100 experts from information security, OT engineering, healthcare, biotechnology, building management and industrial facilities makes it clear that 45 per cent of those responsible are unable to effectively reduce the risks to their facilities or correctly assess their security situation. 67 per cent are rethinking the geographical orientation of their supply chains in order to minimise exposure to economic and political uncertainties.

One particularly critical aspect is remote access by third parties. New or modified access tools in complex CPS environments lead to an increased attack surface. In the past 12 months, 46 per cent of respondents said they had been victims of security breaches due to third-party access, while 73 per cent are currently reviewing their remote access strategies.

Regulatory uncertainties further exacerbate the situation. Despite the successful implementation of established frameworks such as the NIST Cybersecurity Framework and the ENISA guidelines, concerns remain about new or changing regulations. Almost 70 per cent of companies currently comply with existing standards, but 76 per cent see a potential need to adapt strategies and processes due to future legal requirements. This can significantly impact operational efficiency.

Thorsten Eckert, Regional Vice President Sales Central at Claroty, emphasises:

‘Attackers deliberately exploit periods of instability. Critical infrastructures are particularly attractive targets, as disruptions can have far-reaching economic and security implications. Vulnerabilities in supply chains and among partners exacerbate the risks. At the same time, these challenges offer an opportunity to fundamentally rethink CPS security strategies.’

The study highlights the need for an impact-centred approach to risk mitigation. Priority measures include regular security audits (49%) and process improvements for change approvals (45%). These approaches increase compliance and uncover potential vulnerabilities in third-party providers before they lead to security incidents.

The Claroty report not only provides up-to-date situation reports and threat assessments, but also offers targeted recommendations on how companies can sustainably strengthen their CPS security in uncertain economic and geopolitical times.

Further information and download: The Global State of CPS Security 2025 – Claroty