Forescout
Reports
All Statistics
24% of devices across organizations are classified as part of the extended IoT, including IoT, OT, and IoMT.
11% of devices across organizations are classified as network equipment.
There are 3,200 unique operating system versions observed across organizations, averaging 876 versions per organization.
There are 380 unique device functions observed across organizations, averaging 164 functions per organization.
Financial services organizations have 35% of their devices classified as extended IoT.
65% of devices across organizations are classified as non-traditional IT.
There are over 1,400 unique vulnerabilities affecting IP cameras in the dataset.
Healthcare organizations have 35% of their devices classified as extended IoT.
40% of IP cameras in the dataset have at least one vulnerability.
40% of threat actor updates in H1 2025 were attributed to state-sponsored groups.
Ransomware attacks are averaging 20 incidents per day.
62% of breaches in H1 2025 involved data stored on network servers.
9% of threat actor updates in H1 2025 were attributed to hacktivists.
76% of breaches in H1 2025 stemmed from hacking or IT incidents.
There were 3,649 documented ransomware attacks in H1 2025.
Ransomware attacks grew in frequency to 608 per month, or roughly 20 per day.
Zero-day exploits increased 46% in H1 2025.
Modbus accounted for 57% of OT protocol traffic in Forescout honeypots in H1 2025.
The U.S. was the top ransomware target, accounting for 53% of all ransomware incidents, in H1 2025.
24% of breaches IN h1 2025 were on email systems.
47% of newly exploited vulnerabilities were originally published before 2025.
Zero-day exploitation increased 46% in H1 2025.
Published vulnerabilities rose 15% in H1 2025.
45% of published vulnerabilities in H1 2025 were rated high or critical.
CVEs added to CISA KEV jumped 80% in H1 2025.
The healthcare sector experienced an average of two healthcare breaches per day in the first half of 2025.
51% of threat actor updates in H1 2025 were attributed to cybercriminals, such as ransomware groups.
Nearly 30 million individuals were affected by breaches in H1 2025.
50% of industrial organizations claim that supply chain threats and cybercriminal activity are their top security concern.
8% of industrial organizations claim that nation-state actors are their top security concern.
64% of industrial organizations classify their OT cybersecurity maturity as foundational.
9% of industrial organizations claim that zero-day vulnerabilities are their top security concern.
57% of industrial organizations deploy more than three tools to monitor IT, OT, and IoT environments.
Only 17% of industrial organizations report mature OT security practices.
44% of industrial organizations claim to have strong real-time cyber visibility.
Nearly 60% of industrial organizations have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat detection capabilities.
49% of industrial organizations cite vulnerability prioritization as the most laborious task.
44% of industrial organizations cite risk mitigation as the most laborious task
Over 33% of industrial organizations take more than 90 days to remediate threats.
63% of industrial organizations take over 30 days to remediate threats.
19% of industrial organizations identify their cybersecurity maturity as evolving.
8% of industrial organizations claim that nation-state actors are their top security concern.
9% of industrial organizations claim that zero-day vulnerabilities are their top security concern.
Less than 1% of hacktivist attacks impacted organizations in the Americas.
NoName057(16) was the most active hacktivist group, accounting for 90% of attacks analyzed. It is also cited as being behind 90% of state-aligned cyberattacks in 2024.
Geographically, 82% of hacktivist attacks targeted Europe.
Four state-aligned hacktivist groups claimed responsibility for 780 attacks in 2024 alone.
The other state-aligned hacktivist groups accounted for the remaining attacks: BlackJack (1%), Handala Group (8%), and the Indian Cyber Force (1%).
18% of hacktivist groups targeted Asia, including the Middle East.