An Overview of Cybersecurity in Industrial Automation and Control Systems

The Evolving Threat Landscape

A significant increase in cyber threats targeting Industrial Automation and Control Systems (IACS) have recently been observed and recent reports indicate a substantial rise in nation-state attacks on Industrial Automation systems, often posing real-world physical risks to mission-critical and safety-critical environments.

Attacks are increasing in frequency, impact and sophistication and display the following trends: 1 References: 'BDO Cybersecurity Assessment for IACS and OT', 'CSA OT Cybersecurity Threat Landscape' and 'Waterfall Security 2025 OT Threat Report'.

• Nation-state groups targeting Operational Technology (OT) have nearly doubled, from 11 to 21, since 2019 and those with physical outcomes tripled, signaling escalating geopolitical risk.
• Broader industry targeting, with more persistent and sophisticated attacks.
• Cyber incidents with physical consequences are rising sharply across industrial sectors.
• There is a 146% increase in physically impacted OT sites as a result of cyberattacks, from 412 in 2023 to 1,015 in 2024.
• Industrial Automation and Control Systems (IACS) and their supply chains are now prime targets due to their increasing digital exposure.

Last update - February 2026