Report by Claroty
State of CPS Security 2025: Building Management System Exposures
3 FINDINGSPublished Jun 25, 2025
View Original Report →Key Findings
75% of organisations have BMS affected by known exploited vulnerabilities (KEVs).
Critical industriesBuilding management systemsVulnerabilitiesKEVs
Within organisations affected by KEVS that are also linked to ransomware and are insecurely connected to the internet, 2% of devices contain the same high level of risk, meaning they are essential to business operations and are operating at the highest level of risk exposure
Critical industriesBuilding management systemsVulnerabilitiesKEVs
Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.
Critical industriesBuilding management systemsVulnerabilitiesKEVsRansomware