Report by Dragos

2026 OT Cybersecurity Year in Review

9 FINDINGSPublished Feb 17, 2026
View Original Report →

Key Findings

Ransomware attacks against industrial organizations increased 64% year-over-year.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
RansomwareIndustrial Security

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
Operational TechnologyIncident ResponseRansomwareOT Ransomware

In June 2025, BAUXITE deployed two custom wiper malware variants against Israeli targets.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
Wiper MalwareCyber ConflictIsraelBAUXITE

The average dwell time for ransomware in OT environments is 42 days.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
RansomwareOperational TechnologyDwell Time

KAMACITE conducted sustained reconnaissance of U.S. industrial devices from March through July 2025.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
ReconnaissanceOperational TechnologyIndustrial DevicesKAMACITE

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
VulnerabilitiesVulnerability ScoringICS-CERTNVD VulnerabilitiesCVSS Scores

Manufacturing accounts for more than two-thirds of all ransomware victims.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
ManufacturingRansomwareIndustrial Security

26% percent of advisories in 2025 contained no patch or mitigation from vendors.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
VulnerabilitiesPatch ManagementICS

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

Dragos2026 OT Cybersecurity Year in Review ·Feb 17, 2026
RansomwareIndustrial SecurityOperational Technology