CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Decline in physically impactful OT cyberattacks observed in 2025

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The total number of major operational technology (OT) cyber incidents causing physical consequences decreased by 25% in 2025, reversing a seven-year upward trend. Major OT cyberattacks fell from 76 in 2024 to 57 in 2025 according to Waterfall Security Solutions’ annual report, marking the first decline since 2018. The reduction contrasts with historical increases driven by ransomware and exposed industrial control systems, though many of the remaining 2025 incidents remained severe despite lower technical sophistication. The shift raises questions about underlying drivers, including improved defenses, underreporting due to legal risks, or fluctuations in ransomware ecosystem dynamics.

Timeline

  1. 26.03.2026 22:33 1 articles · 19h ago

    Global OT cyber incidents with physical impact decline 25% in 2025

    Operational Technology (OT) cyber incidents causing physical consequences fell to 57 in 2025 from 76 in 2024, according to Waterfall Security Solutions’ annual report. The decline breaks a continuous seven-year rise and follows reduced ransomware activity and increased legal caution around public incident disclosure. While fewer incidents occurred, their impact remained severe, including high-cost supply chain and critical infrastructure compromises. Attacks showed lower technical sophistication, with no new OT-specific malware families identified in 2025.

    Show sources
    Open in new tab

Information Snippets

  • 57 OT cyberattacks caused physical consequences globally in 2025, down from 76 in 2024 and below the 2023 total of 70.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • The decline breaks a continuous seven-year rise in OT incidents with physical impact, which began increasing sharply from 2019 after a period of relative rarity.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, noted that 2025 attacks lacked new OT-specific malware and were generally less technically sophisticated than in prior years.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • A January 2025 incident in Italy involved a teenager exploiting an exposed HMI to alter shipping routes in the Mediterranean Sea via default or stolen credentials.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • The Jaguar Land Rover supply chain attack in mid-2025 is estimated to have caused $1 billion in direct losses to the company and $2.5 billion in broader UK economic impact, ranking among the most expensive cyber incidents on record.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • Nation-state and hacktivist activity without physical consequences doubled in 2025, with many targeting critical infrastructure, including Russian actors gaining access to Poland’s renewable energy infrastructure and bricking automation devices without disrupting power flow.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources

  • Legal and reporting constraints may be suppressing public disclosure: organizations increasingly limit incident details to avoid litigation, complicating trend analysis and verification.

    First reported: 26.03.2026 22:33
    1 source, 1 article
    Show sources