2026 OT Cybersecurity Year in Review

Ransomware attacks against industrial organizations increased 64% year-over-year.

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

In June 2025, BAUXITE deployed two custom wiper malware variants against Israeli targets.

The average dwell time for ransomware in OT environments is 42 days.

KAMACITE conducted sustained reconnaissance of U.S. industrial devices from March through July 2025.

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

Manufacturing accounts for more than two-thirds of all ransomware victims.

26% percent of advisories in 2025 contained no patch or mitigation from vendors.

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.