International
Kai Thomsen, Director of Global Incident Response Services at Dragos - © Dragos
19.08.2025

New report on cyber attacks

Industrial facilities and critical infrastructure around the world face a massive, often underestimated threat. The latest ‘2025 OT Security Financial Risk Report’ from Dragos and Marsh McLennan uses statistical models to calculate the financial risk of OT cyber incidents for the first time and shows which security measures offer the greatest protection. This makes it a key tool for company management, insurers and security teams.

According to the report, up to 70% of the damage is attributable to indirect consequences such as production downtime or disrupted supply chains. These factors are not usually taken into account in traditional risk models. In an extreme but plausible scenario (a ‘1-in-250-year event’), the global financial risk could amount to 329.5 billion US dollars, 172.4 billion of which would be due to business interruptions alone.

Three steps with maximum impact

With the rise of specialised OT malware and stricter regulations such as the EU's NIS-2 directive, the pressure to act is growing. The critical measures outlined by the SANS Institute provide a proven basis for targeted and measurable investments to reduce risk. They are recognised by insurers, compliance teams and decision-makers.

The analysis identifies three particularly effective steps for reducing risk:

  • Incident response plan: up to 18.5%
  • Defensible architecture: 17.09%
  • ICS network visibility and monitoring: 16.47%
Lack of key performance indicators hinders investment

Despite rising attack numbers and growing attention at the executive level, many organisations across industries are failing to effectively manage or secure OT-specific cyber risks. The report identifies three key challenges: unclear financial consequences, unmeasurable ROI and a lack of prioritisation criteria. The report closes these gaps by linking real financial data with OT-specific security controls, creating a common basis for decision-making for executives, risk managers and insurers.

The 2025 OT Security Financial Risk Report is available for download here.