For the first time in seven years, the number of major operational technology (OT) cyber incidents went down in 2025 This article explores think ransomware ecosystem. . Since 2019, the number of OT cyberattacks that had some kind of physical effect on the victims has only gone up.
Waterfall Security Solutions found only 57 OT attacks that had a physical effect, which is a lot less than 2024, 2023, and even 2022. "I think these things are getting more stable, if not fixing themselves." We think the ransomware ecosystem is back up and running. "It's calmed down," says Andrew Ginter, who is in charge of industrial security at Waterfall.
"People, get your HMIs off the Internet."
Ginter says that human-machine interfaces (HMIs) are "basic stuff." He says that law enforcement action in the US and, strangely, in Russia has caused a lull in the ransomware scene, breaking up big groups. Unfortunately, the lack of public information about cyberattacks lately makes it hard to confirm this hypothesis.
When a company is hacked, it faces all kinds of legal risks, and these risks are even worse when it has to change its story after giving initial findings. "The lawyers are saying, 'If we give out a wrong piece of information, we could get sued. So don't give away too much information. "Give what the law requires and nothing more."
Other OTSEC trends: low sophistication and high severity.
Even though OT attacks were less common and less interesting from a technical point of view in 2025, many of the ones that did get through were very serious. For instance, the Jaguar Land Rover attack last summer is thought to have cost the company a billion dollars and the UK economy about $2.5 billion.
