
Report

State of CPS Security: OT Exposures 2025

Team82’s analysis of the riskiest operational technology (OT) exposures putting critical infrastructure organizations in the crosshairs of adversaries.


Advanced adversaries have ramped up cyberattacks targeting operational technology. APTs such as Volt Typhoon, Sandworm, and the CyberAv3ngers are using purpose-built malicious tools to disrupt or modify processes managed by industrial control systems (ICS), and they represent the greatest threats to public safety and to national and economic security.

In this report, Claroty’s research group, Team82, lays out the greatest risks associated with OT and ICS, going beyond merely assessing the criticality of a vulnerability. By exploring exposures such as whether devices contain known exploited vulnerabilities (KEVs), including those linked to active ransomware campaigns, and whether those devices are insecurely connected to the internet, the report gives security leaders a road map for prioritizing mitigations and remediations at a reduced cost.

What follows is a sample of the report and Team82's findings.


The data collected for this report spans a number of industries under the umbrellas of manufacturing, natural resources, and logistics and transportation. 

940,000+ OT Devices Analyzed

270 Organizations

Some of those industries include:

Food & Beverage

Pharma

Automotive

Oil & Gas

Mining

Chemical

Aviation

Rail

Maritime/Ports

Key Findings

Known Exploited Vulnerabilities in OT Devices

Team82 analyzed close to one million OT devices within 270 organizations; the data in this report spans a number of industries under the umbrellas of manufacturing, logistics and transportation, and natural resources.

Of the close to one million OT devices analyzed, Claroty Team82 found that:

12% contain KEVs

40% of the organizations analyzed have these assets insecurely connected to the internet

7% of the devices are exposed with KEVs that have been linked to known ransomware samples and actors

31% of the organizations analyzed have these assets insecurely connected to the internet


We found that more than 12% of industrial organizations in the research had OT assets communicating with malicious domains, demonstrating that the risk to these assets is not theoretical.

Quantifying the Riskiest Exposures

The riskiest OT exposures cannot be measured in critical CVEs alone. Doing so would place an undue burden on asset owners and operators, who would be trying to boil an ocean of unpatched vulnerabilities; fixing them at any kind of scale would be a tremendous drain on human and monetary resources.

Instead, we break those exposures down into smaller subsets of vulnerable devices, shown below, so that leaders can consider remediating the highest-risk devices first, where the threat of exploitation is greatest.

[Chart, shown separately for ORGANIZATIONS and for DEVICES, with four categories: % with KEVs; % with KEVs Linked to Ransomware; % with KEVs and Insecure Connectivity; % with KEVs Linked to Ransomware and Insecure Connectivity]