Dragos

Ransomware attacks against industrial organizations increased 64% year-over-year.

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

In June 2025, BAUXITE deployed two custom wiper malware variants against Israeli targets.

The average dwell time for ransomware in OT environments is 42 days.

KAMACITE conducted sustained reconnaissance of U.S. industrial devices from March through July 2025.

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

Manufacturing accounts for more than two-thirds of all ransomware victims.

26% percent of advisories in 2025 contained no patch or mitigation from vendors.

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

Worst-case scenarios for global financial risk from OT cyber incidents are estimated at as much as $329.5 billion.

In a severe, but plausible scenario (a 1-in-250-year tail event), global OT cyber losses could reach $329.5 billion, with $172.4 billion specifically from OT-related business interruption.

The three OT cybersecurity controls most correlated with risk reduction are: Incident Response Planning (up to 18.5% average risk reduction), Defensible Architecture (up to 17.09%), ICS Network Visibility and Monitoring (up to 16.47%).

Indirect losses impact up to 70% of OT-related breaches.

75% of the ransomware cases Dragos observed involved disruption to operations to some degree.

Manufacturing remains the most affected sector by ransomware, accounting for more than 50% of observed ransomware victims.

In the first half of 2024, ransomware groups attacked an average of 34 industrial organizations per week. That number more than doubled during the second half of the year.

25% of the ransomware cases Dragos observed involved full shutdown of an OT site.

70% of the vulnerabilities researched were deep within the ICS network and 39% could cause both a loss of view and a loss of control.

Ransomware activity surged at an increase of more than 87% over last year.