AI in OT Cybersecurity Industry Survey 2026 State of AI in OT

Takepoint Research is an independent analyst firm focused exclusively on industrial cybersecurity. Built on over a decade of practitioner relationships and deep domain expertise, the firm delivers actionable insights guided by their OT Cyber Value Protection Framework, connecting security investment directly to the operational value organizations create and the consequences that threaten it.

About this survey

AI is transforming how industrial organizations detect threats, manage risk, and secure OT environments. But rhetoric has outpaced reality. Adoption is uneven, governance is immature, and risks are accelerating faster than most programs can respond.

In 2024, Takepoint Research conducted its first AI in OT Cybersecurity Industry Survey. This survey updates that research to track what has changed.

No vendor agenda. No spin. Just data. Takes 4 to 5 minutes. All responses are anonymous.

Participants receive first access to the Survey Report 2026 and the Industrial Cyber Days AI in OT Cyber event on July 22, 2026.

Full Name (Optional)

Job Title

Company (Optional)

What is your primary region?

Which department or functional area do you work in?

Executive/Leadership

Cybersecurity (IT/Corporate)

Cybersecurity (OT/ICS)

Operational Technology

Engineering

Operations/Plant Management

Other

What is the size of your organization?

Which best describes your organization’s focus area? (Select 1)

Buildings & Public Infrastructure

Chemicals & Refining

Data Centers & Telecommunications

Food & Agriculture

Manufacturing

Mining & Metals

Oil & Gas

Pharmaceuticals & Life Sciences

Power & Utilities

Transportation & Logistics

Water & Wastewater

OT Security Vendor / Integrator / Service Provider

Other

Q1: How would you describe your organization's current use of AI within your OT cybersecurity program? (Select 1)

A. Fully deployed across multiple OT security functions

B. Deployed in at least one OT security function

C. Piloting or evaluating AI for OT security

D. Planning to implement within the next 12 months

E. No current plans to implement AI

Q2: Overall, do you believe the potential benefits of AI in industrial cybersecurity outweigh the risks? (Select 1)

A. Yes, clearly, benefits significantly outweigh risks

B. Somewhat, benefits are greater but risks are real

C. Uncertain, roughly balanced

D. No, risks outweigh the benefits in our environment

Q3: Which OT cybersecurity functions is your organization currently applying AI to? (Select all that apply)

A. Threat detection and alerting

B. Network monitoring and anomaly detection

C. Vulnerability management

D. Incident response and triage

E. Predictive maintenance / asset health

F. Risk assessment and prioritization

G. Security operations / SOC augmentation

H. Not currently applying AI to any OT function

Q4: Has your organization deployed or formally evaluated agentic or autonomous AI, meaning AI that can take actions without step-by-step human instruction, for any OT security function? (Select 1)

A. Yes, deployed in production

B. Yes, in a pilot or proof-of-concept

C. We have evaluated it but have not deployed

D. We are aware of it but have not evaluated it

E. Not familiar with agentic AI

Q5: What are your organization's biggest challenges when implementing AI in OT cybersecurity? (Select up to 3)

A. Integrating AI with legacy OT systems and infrastructure

B. Data quality, availability, or labeling

C. Lack of skilled personnel to manage AI tools

D. Budget and procurement constraints

E. Concerns about AI reliability in safety-critical environments

F. Lack of vendor maturity or trusted AI solutions

G. Regulatory uncertainty around AI use

H. We have not faced significant challenges

Q6: Has your organization experienced a measurable, demonstrable benefit from AI in your OT cybersecurity operations? (Select 1)

A. Yes, clear and quantifiable improvement in security outcomes

B. Yes, qualitative improvement, not yet formally measured

C. Too early to determine

D. No measurable benefit observed so far

E. Not applicable, we have not deployed AI

Q7: Are you concerned that a cyberattack targeting your AI systems or operational data could lead to corrupted decisions and ultimately cause physical consequences such as safety events, equipment damage, or unplanned downtime? (Select 1)

Q7: Are you concerned that a cyberattack targeting your AI systems or operational data could lead to corrupted decisions and ultimately cause physical consequences such as safety events, equipment damage, or unplanned downtime? (Select 1)

A. Yes, we consider this a top-tier operational risk today

B. Yes, it is on our radar and we are beginning to address it

C. We are aware of the risk but have not prioritized it

D. No, we do not view this as a material risk in our environment

E. Unsure

Q8: How confident are you that the AI tools and models used in your OT environment are adequately protected against manipulation, adversarial inputs, or supply chain compromise? (Select 1)

A. Very confident, we have specific controls in place and have tested them

B. Somewhat confident, controls exist but have not been fully validated

C. Low confidence, we know this is a gap

D. Not applicable, we do not yet use AI in OT

E. Unsure

Q9: Does your organization have a formal AI governance or AI use policy that specifically covers the use of AI within OT or industrial environments? (Select 1)

A. Yes, a formal policy exists and is actively enforced

B. In progress, we are developing one

C. No, we rely on general IT/cybersecurity policy

D. No, and it is not currently a priority

E. Unsure

Q10: Does your organization have a defined human-in-the-loop protocol for AI-driven decisions that could affect operational safety, availability, or physical processes? (Select 1)

A. Yes, formally documented and enforced

B. Informally, we practice human oversight but it is not documented

C. No, AI decisions are largely automated in our environment

D. Not applicable

E. Unsure

Q11: Is your organization actively tracking or preparing for AI-specific regulatory requirements, such as the EU AI Act, NIST AI RMF, or sector-specific AI guidelines, that may affect your industrial operations? (Select 1)

Q11: Is your organization actively tracking or preparing for AI-specific regulatory requirements, such as the EU AI Act, NIST AI RMF, or sector-specific AI guidelines, that may affect your industrial operations? (Select 1)

A. Yes, we have a dedicated effort underway

B. We are monitoring but have not yet taken formal action

C. We are aware but regulation is not driving our AI decisions

D. We are not currently tracking AI-specific regulation

E. Unsure which regulations apply to us

Q12: Has your organization mapped which AI-driven decisions in your OT environment could directly influence physical processes, safety systems, or operational continuity? (Select 1)

A. Yes, formally mapped and reviewed

B. Partially, some systems have been assessed

C. No, we have not done this mapping

D. Not applicable

END OF SURVEY