2026 OT Cyber Threat Report
In 2025, 57 cyber attacks caused real-world damage in heavy industry, world-wide. This is a 25% drop from 2024, but that’s the tip of the iceberg Most of this reduction is because of temporary factors affecting ransomware attacks. Nation-state and hacktivist attacks doubled, with most attacks targeting critical infrastructures.
Join us on March 25th, 2026, 11AM NY Time
This is the only industry report focused exclusively on verified cyber incidents with physical consequences. The data set is public, all the incidents we use are included in the report’s appendix with links to public news reports.
Highlighted attacks include:
- Jaguar / LandRover – the most costly production shutdown in a decade,
- Colins Aerospace – a crippled software system caused flight cancellations and delays for weeks – highlighting the need for rapid recovery or manual fall-backs for critical systems operated and managed by third parties,
- Grounded and mis-directed ships – again highlighted the need for multiple independent checks on important external inputs, such as GPS signals, and
- Polish distributed generation – a near miss because the lights stayed on, an example of the Russian nation state targeting European critical infrastructures, and a cautionary tale about “bricking” control equipment.
In a webinar on Wednesday March 25th, Greg Hale of ICS Strive and Andrew Ginter of Waterfall Security, take us through:
Record-breaking costs of consequences
What is behind the drop in ransomware attacks
Key defensive developments of 2025, in light of these threats
About the Speaker
Andrew Ginter
Andrew Ginter is the most widely-read author in the industrial security space, with over 23,000 copies of his three books in print. He is a trusted advisor to the world's most secure industrial enterprises, and contributes regularly to industrial cybersecurity standards and guidance.
