Claroty recently published their State of CPS Security 2025: OT Exposures report. The report analyzes nearly one million OT devices, most of which are found in the manufacturing, logistics and transportation, and natural resources sectors. The data shows that many organizations face the challenge of prioritizing which vulnerabilities to remediate first due to the sheer number of KEVs (known exploited vulnerabilities) present across OT devices.

Key findings include:

12 percent of OT devices analyzed contain KEVs and 40 percent of organizations have a subset of these devices insecurely connected to the internet.

Seven percent of OT devices are exposed with KEVs linked to known ransomware samples, with 31 percent of organizations having these assets insecurely connected to the internet.

12 percent of industrial organizations had OT assets communicating with malicious domains, underscoring active threats.

The manufacturing industry was found to have the highest number of devices with confirmed KEVs , devices with confirmed KEVs linked to ransomware, and devices with confirmed KEVs linked to ransomware and insecurely connected to the internet.

The report also offered perspective on some active threat actors: