2025印度运营技术(OT)安全状况报告

December 2025 Table of contents Executive summary The state of OT security in India - Key insights Why OT security matters now? Current OT landscape - A reality check Crux of the challenge: Unpacking the key Transitioning from operational continuity to Trends and patterns in OT cyber investments today How to drive the OT security journey? Conclusion Way forward Foreword by DSCI Technology is reshaping India’s industrial landscape, further driving the country’s digitaltransformation. What were once isolated Operational Technology (OT) systems are now deeplyconnected, making them integral to efficiency, but also increasingly exposed to sophisticated cyber- This joint study by DSCI and Deloitte presents a timely and candid assessment of India’s OTsecurity posture. The findings reveal a maturing awareness and efforts being taken, yet highlightthat persistent gaps, legacy infrastructure, fragmented governance, IT–OT siloes and supply chain Vinayak Godse India’s regulatory and industrial momentum offers a strong foundation for change. However,sustained progress will require leaders to embed security into design, culture and decision-making. Chief Executive OfficerData Security Council Foreword by Deloitte India’s critical infrastructure is undergoing rapid change. Power grids, oil and gas networks, transportsystems, hospitals and advanced manufacturing plants are now deeply connected to the digital Recent incidents tell the story. From cyberattacks on state power utilities to ransomware shuttingdown production lines, the threat is real and growing. They underscore a stark reality: OperationalTechnology (OT) environments are prime targets. Attackers are no longer just targeting IT systems; Gaurav Shukla India’s response is gaining momentum. Regulatory mandates from the Central Electricity Authority(CEA), guidance from NCIIPC (National Critical Information Infrastructure Protection Centre) andglobal standards such as ISA/IEC 62443 show that OT security is finally being treated as critical. Partner and Leader – CyberDeloitte South Asia This report brings together the insights from CISOs, OT leaders and plant heads across criticalsectors. It examines the evolving threat landscape, systemic gaps, and the cultural and technicalshifts necessary to protect India’s industrial backbone. It also charts a path where OT security As India advances towards a digitally empowered economy, protecting critical infrastructure is nolonger a matter of operational hygiene – it is a matter of national resilience. The time to act is now, Executive summary To understand the ground reality of OT security in India, thisstudy was jointly conducted by Deloitte and DSCI, surveying In an era where digitalisation is reshaping India’s industrialbackbone, Operational Technology (OT) systems, once isolatedand proprietary, are now deeply connected, exposed andstrategically vital. As factories, power plants and criticalinfrastructure expand their IT–OT integration, they become Our methodology combined Quantitative surveys across energy, manufacturing, oiland gas, automotive, pharma and transport. In-depth interviews with CISOs, plant heads and OTengineers to extract lived challenges and systemic gaps. India stands at a decisive point. As the country acceleratesdigital industrialisation, the rise in cyber-physical threats isoutpacing the ability to defend them, and the consequencesare material. Industrial disruptions caused by OT cyberincidents have resulted in multi-day production stoppages,significant revenue leakage and, in several global cases,share-price impact within hours of breach disclosure. Indianorganisations have not been spared; recent incidents in sectors Analysis of industrial threat reports from leading global Indian industries recognise the growing threat to OT systems,but preparedness remains inconsistent, fragmented and in The state of OT security in India – More than 45% 25 - 30 years old legacy systems in OTenvironments still form the of the OT security budget is channelised intotool investments such as OT aware firewalls, IDS Average scoreof 1.75 - 2 60% of the respondents prioritise gaining andimproving visibility over the OT assets as the seen as the maturity of OT security Key thoughts Quoting a few insights from the discussions with the leaders, such as: While there has been an increase in the OT security budgets over the past two years, the funds remain solicited centrally Joint decisions for enterprise-wide OT systems are being made by CISO, CIO and heads of OT as a first step to mutual Dependency on OEMs for integration while procuring new security solutions, while withstanding an inherent resistance toexternal tools for monitoring, is seemingly an increasing challenge faced by OT leaders. A complete convergence for an IT-OT MSSP, while it aids cost optimisation, is not favoured by most of the respondents,taking into consideration safety, operational and the need to address