ISA Annual Report 2025 spotlights surge in automation skills, AI knowledge tools, industrial cybersecurity standards - Industrial Cyber

Attacks and Vulnerabilities Control device security Critical infrastructure Cyber Informed Engineering Industrial Cyber Attacks ISA/IEC 62443 IT/OT Collaboration Malware, Phishing & Ransomware News Reports Risk & Compliance Supply Chain Security System Design & Architecture The Skills Gap - Training & Development Threat Landscape ISA Annual Report 2025 spotlights surge in automation skills, AI knowledge tools, industrial cybersecurity standards March 02, 2026 The International Society of Automation (ISA) disclosed that it has maintained a multi-year growth trajectory, delivering its fourth consecutive year of revenue and membership increases. According to the report, overall professional membership climbed nearly seven percent while total revenue reached record levels, reflecting rising global demand for automation knowledge, training and technical standards in the face of accelerating digital transformation. The ISA Annual Report 2025 highlights expanded programs and services across the automation community, with strong uptake of certified training, broader global engagement through Connect Forums and sections in more countries, and nearly 10,000 queries answered by Mimo, ISA’s AI-powered large language model trained on proprietary automation and cybersecurity content. Looking ahead, ISA’s 2025-2027 strategic themes focus on growing core business lines such as training and standards, increasing awareness and use of ISA content among corporations and partners, sharpening technical focus areas and improving organizational agility and culture to better serve a diversifying membership base. “ISA is your professional society,” Scott Reynolds, 2025 ISA President, wrote in the report. “At a time when many are thinking about automation’s impact on the workforce and the pace of emerging technologies, it is more important than ever to emphasize a core truth: automation depends on people. I encourage you to deepen your engagement with ISA and to welcome colleagues and peers to join and get involved.” Detailing a multi-year trajectory of increased stability and ongoing cultural improvement within the professional home that automation and instrumentation practitioners have relied on for more than 80 years, Claire Fallon, CEO of ISA, wrote. “None of this progress would be possible without the people behind it. I am proud to lead an amazing professional staff, and am grateful to ISA members, volunteers, the Executive Board and the broader automation community for your engagement, support and commitment to creating a better world through automation.”  Since 2021, ISA has sustained a four-year upward trajectory, with membership growing by 50% and revenue increasing by 84%, marking its fourth consecutive profitable year and the sixth since 1999. In 2025 alone, membership rose 6.76% year over year to reach 18,790 members, while revenue climbed to a record 21 million USD. The Automation Summit and Expo recorded its highest attendance to date, drawing more than 630 participants, underscoring continued engagement across the automation community. The organization also expanded its digital and media footprint. Mimo, ISA’s large language model, answered nearly 10,000 questions in 2025, reflecting strong demand for accessible automation expertise. Media mentions increased by 428% since 2022, signaling broader visibility and industry recognition. ISA was also named a 2025 Top-Rated Nonprofit by Great Nonprofits, reinforcing its growing influence and credibility within the global automation sector. The ISA Annual Report 2025 states that for more than 80 years, ISA has shaped industrial automation and cybersecurity by developing standards that define and advance leading global practices. As an ANSI-accredited standards developer, ISA operates through an open, consensus-based process designed to ensure global credibility and technical rigor. Today, that work is supported by 4,900 volunteers across 40 countries, contributing through 24 standards committees. ISA maintains a portfolio of 120 published standards, 15 recommended practices and 61 technical reports, underscoring its central role in shaping automation and control system governance worldwide. In 2025 alone, ISA published eight new standards, two technical reports and one recommended practice. Among the most significant releases, ISA-TR62443-2-2-2025 provides guidance to help asset owners and operators ensure that industrial automation and control system security programs include the mechanisms and procedures necessary to manage cyber risk effectively.  ANSI/ISA-62443-2-1-2024 establishes requirements for creating, implementing and continuously improving a security program aimed at reducing IACS security risks to tolerable levels. During the year, multiple standards within the ISA-75 control valve series were also reaffirmed and revised, reinforcing ISA’s ongoing influence across both cybersecurity and core industrial process domains. Developed by practicing automation and control professionals, ISA’s training programs focus on real-world technologies and operational challenges facing industry today. In 2025, ISA trained 15,586 professionals, reflecting an 11% increase year over year. Participation spanned globally, with 3,253 trainees in North America, 4,109 in Europe, 2,191 in Asia Pacific, 648 in Latin America and the Caribbean, and 1,073 in the Middle East and Africa, along with 4,312 participants classified as unknown. Cybersecurity remained a dominant focus. The top five courses included Using the ISA/IEC 62443 Standards to Secure Your Industrial Control System (IC32M), Assessing the Cybersecurity of New or Existing IACS Systems (IC33M), IACS Cybersecurity Design and Implementation (IC34M), Cybersecurity Operations and Maintenance (IC37M), and the virtual version of Using the ISA/IEC 62443 Standards to Secure Your Control Systems (IC32V). ISA also launched new offerings, including ISASecure Automation and Control System Security Assurance for Evaluators (IC49) and Fire and Gas Mapping: Practical Application (EC56M). Several core courses were revised to reflect updated standards and industry needs, including Sizing, Selecting and Applying Process Control Valves (EI30), Instrumentation Diagrams and Symbols (FG15C), Developing and Applying Standard Instrumentation and Control Documentation (FG15), and multiple ISA/IEC 62443 cybersecurity courses such as IC32, IC33, IC34 and IC37. The Certified Automation Professional exam review course (EC00) and Automation Project Management (MT101XT) were also updated. To support global accessibility, ISA translated IC32 into Japanese and began work to translate IC32M into Korean, further extending the reach of its cybersecurity curriculum. The ISA Annual Report 2025 detailed that ISA certification and certificate programs provide a standards-based learning framework focused on critical automation disciplines. Certificate programs are designed to strengthen professional recognition and validate expertise in defined technical domains such as safety and cybersecurity, while full certification programs deliver an independent, third-party assessment of an individual’s skills, knowledge and experience. ISA/IEC 62443 cybersecurity credentials continued to show strong uptake. The ISA/IEC 62443 Cybersecurity Fundamentals Specialist credential recorded 6,871 total holders, with 1,506 earned during the reporting period. The Cybersecurity Risk Assessment Specialist credential reached 2,925 total holders, including 655 new awards. The Cybersecurity Design Specialist credential stood at 2,056 total holders, with 575 new recipients, while the Cybersecurity Maintenance Specialist credential reached 1,698 total holders, including 496 new awards. At the advanced level, the ISA/IEC 62443 Cybersecurity Expert designation totaled 1,574 holders, with 461 newly awarded during the year, underscoring sustained global demand for validated industrial cybersecurity expertise. ISA operates four industry consortia that extend its influence beyond standards development into active collaboration and conformity assessment. These include the ISA Global Cybersecurity Alliance and its Incident Command System for Industrial Control Systems, known as ICS4ICS, alongside ISASecure and ISA100 Wireless. Together, these initiatives advance research, cybersecurity assurance and wireless interoperability across industrial environments. The ISA Global Cybersecurity Alliance serves as a collaborative forum focused on advancing operational technology cybersecurity awareness, education, readiness and standards alignment. In 2025, the alliance produced a series of technical resources that mapped the ISA/IEC 62443 standards to ISO/IEC 27001 and ISO/IEC 27002, compared ISA/IEC 62443-4-1 with NIST SP 800-218 on secure software development and issued briefings addressing artificial intelligence risks in critical infrastructure supply chains.  The alliance also sponsored speakers for the ISA OT Cybersecurity Summit and delivered four dedicated webinars, reinforcing its role as a cross-sector knowledge hub. Established under the alliance, ICS4ICS provides a structured incident command framework for responding to cyber attacks affecting industrial control systems and critical infrastructure. It maintains a standing organizational model and operational playbook, conducts training exercises and offers professional credentials.  In 2025, ICS4ICS hosted nine sector-specific and educational webinars spanning space, pipeline, higher education, power generation, metals, battery manufacturing and incident response staffing. The initiative also supported the creation of more than 150 credentialed ICS4ICS roles, strengthening surge capacity and coordinated response readiness across industry sectors. ISA/IEC 62443 cybersecurity certification continues to expand across products, supplier development processes and automation systems at asset owner operating sites. In 2025, ISASecure introduced the ISAC Security Assurance certification scheme, a unified, standards-based framework designed to align stakeholders under a consistent cybersecurity assurance model. The scheme incorporates key elements of ISA/IEC 62443 standards 2-1, 2-4, 3-2 and 3-3, strengthening lifecycle coverage from program requirements to system and component security. During the year, the National Cyber Security Agency of the State of Qatar partnered with ISASecure to accelerate adoption of ISA/IEC 62443 within its national cybersecurity strategy, signaling continued international uptake of the standard. ISASecure also worked with the ISA Global Cybersecurity Alliance, the Utilities Technology Council and Cumulys to advance a comparative analysis of North American Electric Reliability Corporation Critical Infrastructure Protection requirements and ISA/IEC 62443. The collaboration produced a white paper, webinars and expert interviews, contributing to clearer alignment between NERC CIP obligations and globally recognized industrial cybersecurity standards. Last month, the ISA congratulated eight individuals who were elevated to the distinguished grade of ISA Fellow in 2026 in recognition of their sustained and exceptional contributions to the field. The esteemed Fellow member grade is one of ISA’s highest honors, recognizing only those Senior Members who have made exceptional contributions to the automation profession, in practice or in academia. Anna Ribeiro Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT. Related Censys warns systemic exposure of Rockwell PLCs enable Iran-linked targeting of critical infrastructure OT networks CCN reports cybersecurity maturity becoming prerequisite in critical infrastructure, industrial supply chains UK NCSC says APT28 exploits routers for DNS hijacking, enabling large-scale traffic interception DOE allocates $160 million to secure energy systems as cyber threats converge with grid modernization Ongoing cyberattacks targeting internet-connected PLCs disrupt US critical infrastructure, agencies warn FBI reports cyber threats to critical infrastructure intensify as US cybercrime losses hit $21 billion, exposes risk Tosi reports US enterprises improve OT security maturity, but vendor access emerges as critical weakness Bitsight names John Clancy as CEO to steer growth in AI-driven cybersecurity era Storm-1175 exploits web-facing systems to drive ransomware attacks across healthcare and services in US, UK, Australia Malaysia’s digital growth and geopolitics widen cyber attack surface, raising critical infrastructure risks