Secolve report says Australia's OT cybersecurity is weak and immature
SYDNEY, Dec. 10, 2025 /PRNewswire/ -- Secolve, one of Australia's leading Operational Technology (OT) cybersecurity businesses has published a report on the precarious cybersecurity of critical infrastructure and industrial environments. Secolve surveyed senior professionals working in energy, manufacturing, water, mining, oil & gas, and critical infrastructure supply chain to understand the state of cybersecurity in these environments. The data shows that OT cybersecurity training is typically deficient, infrequent, or ignored entirely, and that organisations' OT security culture is still immature.
A quarter of Secolve respondents (24%) reported that they have never conducted OT specific training, and 21% had only did so during onboarding. The report shows that this is an issue of quality, as well as frequency. Only 11% of respondents said that their training was "practical" for their work environment. While 42% said it was too IT focused. Given how regularly these businesses are targeted by cybercriminal groups, and the influx of internet connected devices in industrial environments, Secolve warns that organisations are underprepared and untrained.
"OT cybersecurity training is infrequent, weak and generic," said Secolve CEO, Laith Shahin. "Engineers, technicians and miners work in hazardous environments surrounded by tech, powerful robotics and large autonomous machines. Many will get OT cybersecurity training in their first week, then never again. Some will never have OT cybersecurity training at all, and will simply have the same IT training as their desk job colleagues. Frankly, it's utterly non-sensical to give the same cybersecurity training to people regardless of whether they work behind a desk, in a mining pit, from factory floor, or energy plant. Training them all the same is like not training them at all."
The report also highlights the weakness and immaturity of OT cybersecurity in industrial and critical infrastructure environments. Respondents cited OT risks such as securing remote access & third-party connections, identifying suspicious behaviour in control systems, and managing USB/removable media risks as top priorities. However, only half (55%) were confident of front-line staff's ability to identify and report suspicious activity and only 15% would describe their OT security awareness culture as "strong".
"The immaturity of OT cybersecurity and lack of training is alarming, but hardly surprising. OT cybersecurity is still incredibly immature in Australia," continued Shahin. "Organisations are starting to recognise OT cybersecurity as a priority, but most remain stuck in compliance-driven, IT-centric training models. For these organisations to mature, they must adopt continuous, role-specific, scenario-driven, and gamified learning that is integrated into daily operations and safety frameworks."
About Secolve
Secolve is one of Australia's leading OT security specialists, partnering with organisations of all sizes to safeguard critical infrastructure from cyber threats. Its team of OT experts use a risk-based approach to tailor strategies to meet client's unique needs and deliver world-class OT security awareness training to promote a cyber-safe culture from within.
View original content:https://www.prnewswire.co.uk/news-releases/a-quarter-of-industrial-and-critical-infrastructure-orgs-have-never-conducted-ot-cybersecurity-training-302638600.html
