Top Highlights
- The number of major operational technology (OT) cyber incidents causing physical harm dropped in 2025 for the first time in seven years, from 76 in 2024 to 57.
- Possible reasons include improved cybersecurity defenses, reduced reporting, and a decline in ransomware attacks due to law enforcement actions disrupting major groups.
- Despite fewer attacks, those that did occur in 2025 were often severe, with incidents like the Jaguar Land Rover breach costing billions and nation-state threats targeting critical infrastructure without causing immediate disruption.
- OT attack sophistication decreased, with no new malware discovered in 2025, yet the severity and impact of targeted attacks remain high, especially in geopolitical contexts.
Cyberattacks on Critical Infrastructure Drop Significantly
Recent data shows a 25% decrease during 2025 in cyberattacks on operational technology (OT) systems that caused physical damage. This trend is unusual because, historically, such attacks tend to increase yearly. For the past seven years, the number of these incidents had either stayed steady or risen. The significant drop suggests a shift in the cybersecurity landscape. Experts believe improvements in security practices might be part of the reason. However, some attacks still succeed despite better defenses, as illustrated by incidents like the Italian teenager who accessed a maritime system. Questions remain about whether the lower numbers reflect better security, less reporting, or other factors. Still, the trend offers cautious hope that defenses against these dangerous attacks are improving.
Why Are Fewer Attacks Causing Physical Damage?
Waterfall Security Solutions proposed three ideas to explain why fewer OT attacks had physical consequences last year. The first is that companies may be better protected. Although some breaches still happen, many are caused by hackers exploiting exposed control systems left online with weak passwords. The second is reduced reporting: breaches may be made public less often. Some countries now require organizations to report breaches, but often the details remain confidential or are underreported. The third is a decline in ransomware attacks, which are often responsible for major OT damage. Law enforcement efforts in the U.S. and Russia have disrupted these criminal groups. Nonetheless, fewer reported incidents do not mean the attacks are less severe. Some incidents, like the attack on a luxury car manufacturer, caused billions of dollars in damage. Meanwhile, nation-states continue targeting critical infrastructure worldwide, often without immediate visible disruptions. While attacks may be less frequent, their impact remains high.
