The convergence of information technology and operational technology has created a perfect storm for threat actors, with manufacturing organizations now facing the highest probability of cyber incidents among all critical infrastructure sectors, according to the newly released Information Risk Insights Study (IRIS) 2025 from the Cyentia Institute.
The data paints an alarming picture for industries that have traditionally operated air-gapped systems but are now embracing digital transformation, including manufacturing, healthcare, and energy. Manufacturing firms face an 11.2% annual probability of experiencing a significant security incident — the highest rate among all sectors analyzed and representing a dramatic escalation from approximately 2% just 15 years ago.
This surge directly correlates with the manufacturing sector's aggressive adoption of Industry 4.0 technologies, where traditional operational technology equipment is increasingly connected to enterprise networks, cloud platforms, and remote monitoring systems. The integration of these previously isolated industrial control systems with corporate IT networks has fundamentally expanded the attack surface that cybercriminals can exploit.
Healthcare organizations, another critical infrastructure pillar heavily dependent on connected medical devices and patient monitoring systems, face their own mounting challenges, with a 9.1% annual incident probability, according to the Cyentia Institute. This represents a substantial increase from historical baselines and reflects the sector's growing reliance on networked medical equipment, electronic health records systems, and telemedicine platforms that blur the traditional boundaries between IT and operational technology.
The energy sector, although historically maintaining lower incident rates, exhibits concerning upward trends that should alarm utility executives and grid operators. The report notes that "energy and supply chain sectors are creeping up in incident frequency," with utilities no longer sitting safely below what Cyentia Institute dubbed "the statistical danger line." As the power grid becomes increasingly smart and interconnected, the attack surface expands exponentially through smart meters, grid management systems, and renewable energy platforms.
"I don't find this surprising," said Wade Baker, co-founder and partner at Cyentia Institute. "There's been a lot of focus on [this] issue. And since attackers stand to make a lot of money if they can ransom or disrupt OT/ICS environments, that gives them ample incentive to ramp up their efforts," Baker said.
The financial implications of these trends are staggering. The study reveals that typical security incidents now cost organizations 15 times more than they did in 2008, with median losses having risen from $190,000 to almost $3 million. For manufacturing firms, which often operate on thin margins and face significant operational disruption costs, these escalating financial impacts can devastate their competitive positioning and operational budgets.
Baker explained that some of the increase in known losses may be due to more comprehensive disclosure of losses than existed a decade ago. Another factor is the rise in costly disruptive events. "We didn't directly include it in the report, but incidents that compromise availability are generally more expensive than those that impact confidentiality and integrity," he said.
The attack vectors that threat actors target within these connected operational environments reflect the evolution of tactics. Valid account compromise — often targeting the credentials that provide access to industrial control systems and connected devices — remains the dominant attack method, accounting for a substantial portion of initial access attempts.
Web application exploits have surged, rising from single-digit percentages to 38% of intrusions over the past decade. This trend directly correlates with the proliferation of web-enabled interfaces for industrial equipment, medical devices, and energy management systems. As organizations embrace remote monitoring capabilities and cloud-based device management platforms, they inadvertently expand their attack surfaces in ways that cybercriminals are increasingly exploiting.
The growing threat to trusted relationships represents another critical vulnerability in operational technology environments. The report finds that attacks targeting third-party vendor connections have become increasingly common, particularly among large organizations that depend on interconnected ecosystems of suppliers, maintenance providers, and technology vendors. In operational technology environments, where specialized vendors often require remote access for maintenance and support, these third-party relationships create potential vulnerabilities that adversaries can exploit to compromise critical systems.
Energy sector leaders must recognize the increased risk they face. Smart grid technologies, while essential for modernizing electrical infrastructure, create new entry points for adversaries seeking to disrupt critical services. The integration of renewable energy sources, energy storage systems, and distributed generation assets further complicates the security landscape by introducing numerous connected devices that may lack robust security controls.
Manufacturing organizations face perhaps the most complex challenge as they balance operational efficiency gains from connected systems against escalating cyber risks. Industrial Internet of Things devices, predictive maintenance systems, and supply chain integration platforms all represent potential vectors for attack. When cybercriminals successfully compromise manufacturing operations, the impacts can cascade throughout entire supply chains, affecting everything from production schedules to product quality.
The study's findings underscore the critical need for organizations in these sectors to fundamentally recalibrate their current approach to security and determine whether they are investing the right amount in security, in the right areas.
The way forward requires a strategy that addresses both the technological and human elements of operational technology security. Organizations must implement asset inventory and management systems that provide visibility into their connected devices, deploy network segmentation to isolate critical operational systems, and establish continuous monitoring capabilities that can detect anomalous behavior across their integrated IT-OT environments.
After all, as these critical infrastructure sectors continue their digital transformation efforts, the cybersecurity challenges they face will only intensify.
George V. Hulme is an award-winning journalist and internationally recognized information security and business technology writer. He has covered business, technology, and IT security topics for more than 20 years. His work has appeared in CSOOnline, ComputerWorld, InformationWeek, Security Boulevard, and dozens of other technology publications. He is also a founding editor at DevOps.com.