OT security: rising critical vulnerabilities, widespread risks

Uptime Intelligence has shown that operational technology (OT) systems are more vulnerable to cyberattacks than many data center operators realize (see Seven fallacies of data center cybersecurity). One-third of operators now cite phishing as the primary cause of their most impactful cyberattack, according to the Uptime Institute Data Center Security Survey 2025 (see Cybersecurity incidents grow costlier amid persistent complexity). This is followed by ransomware/malware (11%) and misconfigured systems (11%).

Many operators still rely on legacy OT equipment and software that may be a decade or more old — designed without modern cybersecurity protections. OT systems, such as supervisory control and data acquisition (SCADA) systems, building management systems (BMS), and programmable logic controllers (PLCs), have multiple points of vulnerability. Many rely on web consoles and internet connectivity for remote management, support, training and system updates, while analytical functions, such as predictive maintenance, often require access to cloud systems and data sharing.