Report by Claroty
State of CPS Security 2025: Building Management System Exposures
3 FINDINGSPublished Jun 25, 2025
View Original Report →Key Findings
75% of organisations have BMS affected by known exploited vulnerabilities (KEVs).
ClarotyState of CPS Security 2025: Building Management System Exposures·Jun 25, 2025
Critical industriesBuilding management systemsVulnerabilitiesKEVs
Within organisations affected by KEVS that are also linked to ransomware and are insecurely connected to the internet, 2% of devices contain the same high level of risk, meaning they are essential to business operations and are operating at the highest level of risk exposure
ClarotyState of CPS Security 2025: Building Management System Exposures·Jun 25, 2025
Critical industriesBuilding management systemsVulnerabilitiesKEVs
Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.
ClarotyState of CPS Security 2025: Building Management System Exposures·Jun 25, 2025
Critical industriesBuilding management systemsVulnerabilitiesKEVsRansomware