Contact Us
Contact Us
Login

2026 OT Cybersecurity Year in Review

Explore the data from Dragos’s 2026 OT Cybersecurity Report, our 9th Annual Year in Review – the go-to report for industrial control systems (ICS) and operational technology (OT) vulnerabilities, threats targeting industrial environments, and lessons learned from customer engagements worldwide.

DOWNLOAD REPORT
Key Findings
Timeline
By The Numbers
Threat Group Activity
Key Findings
Download Now
What Changed in OT Cybersecurity in 2025

Adversaries moved beyond prepositioning to actively mapping control loops, understanding how to manipulate physical processes. Three new threat groups emerged, established groups expanded globally, and ransomware caused significant operational disruptions. Yet only a small number of OT networks have the visibility to detect these threats before operational impact occurs.

By The Numbers: The OT Visibility Crisis
Threat groups are gaining access to industrial environments and positioning for operational impact, but in most cases, compromise becomes visible only after something in the process behaves abnormally. Many organizations lack the visibility to detect reconnaissance, lateral movement, and data exfiltration before adversaries achieve their objectives, revealing a fundamental gap across OT networks worldwide.
30 %
of OT networks have visibility
56 %
cannot see below IT/OT boundary
88 %
struggle with detection & response
Threat Groups Are Positioning for OT Impact

Adversaries targeting OT are progressing through the ICS Cyber Kill Chain at different speeds. While some focus on initial access, others have reached Stage 2. These threat groups conduct reconnaissance, development, and testing activities inside OT environments to understand control loops and position for future manipulation of industrial processes.

Adversaries Scaling Operations
The threats facing industrial organizations evolved in both scale and sophistication. More adversaries are targeting OT environments, ransomware continues driving operational disruptions across critical sectors, and vulnerabilities are being exploited more rapidly, creating compounding pressure on defenders.
26
OT threat groups actively tracked
3 ,300
Industrial organizations impacted by ransomware
4 %
Vulnerabilities actively exploited
Download the Report

The 2026 OT Cybersecurity Year in Review report provides a panoramic view of the most significant cyber trends, threats, and lessons learned during cybersecurity events from the past year.

SKIP
Year in Review 2026 Report Cover