Industrial Firms Overestimate Remote Security, Report Finds
A new global report finds that industrial organizations are overconfident in their remote access security. "The State of Industrial Remote Access 2026" highlights rising risks from third-party vendors and significant visibility gaps in operational technology (OT) systems.
The "confidence-to-evidence gap" is a critical finding; while many organizations express high confidence in their security posture, few have full auditability of vendor sessions. This discrepancy is most pronounced in companies managing 21 to 100 external vendors, where the likelihood of an incident is highest. Fragmented security tools and inconsistent credential hygiene for third parties often create these blind spots.
A 2025 report from cybersecurity firm Dragos revealed that 65% of industrial operational technology (OT) environments suffer from insecure remote access conditions. These vulnerabilities are actively exploited, with ransomware attacks against industrial organizations surging by 49% year-over-year in 2025, impacting approximately 3,300 entities globally. Attackers frequently rely on abusing valid remote access credentials to pivot from IT networks into critical OT systems.
Dragos has also identified 26 distinct threat groups specifically targeting industrial control systems, with three new groups (Azurite, Pyroxene, and Sylvanite) emerging in 2025. These groups are increasingly moving beyond simple network access and are now mapping physical control loops, indicating a clear intent to cause real-world, physical disruption to industrial processes.
The financial consequences of a single OT breach can be severe. The average cost of a data breach in the industrial sector was $5.56 million in 2024, an 18% increase from the previous year. A quarter of industrial companies that suffered a cyberattack reported damages exceeding $5 million, with costs stemming from lost revenue, unplanned downtime, and equipment replacement.
The 2021 cyberattack on a water treatment facility in Oldsmar, Florida, serves as a stark example of remote access vulnerabilities. An attacker gained access via the TeamViewer remote desktop software and attempted to increase sodium hydroxide levels in the water supply by over 100-fold. The intrusion was only stopped by an alert operator who noticed the mouse cursor moving on its own.
In a more widespread incident, the aluminum producer Norsk Hydro was hit by the LockerGoga ransomware in 2019 after an employee opened an infected email. The attack forced the company to halt production and shift to manual operations across 170 sites in 40 countries, with the total financial impact estimated to be over $70 million.