Dragos 2026 Report: 46% Surge in Ransomware Attacks on Factories

Dragos 2026 Report: OT Cybersecurity Under Escalating Pressure

The Dragos 2026 Year in Review paints a sobering picture of operational technology security. Ransomware attacks targeting industrial organizations surged 46% year-over-year, and 60% of surveyed industrial enterprises reported experiencing at least one cybersecurity incident in the past twelve months. For plant engineers and operations managers, the report is a data-driven wake-up call.

The most critical finding is the attack vector distribution. A full 96% of OT-impacting incidents originated in the IT network and propagated laterally into industrial control systems. This confirms what security architects have warned for years: IT/OT convergence without proper segmentation creates a single blast radius. Attackers are not targeting PLCs and HMIs directly. They compromise Active Directory, move through flat networks, and eventually reach SCADA and DCS environments.

Dragos identified three new threat activity groups in 2025-2026, bringing the tracked total to 23. Two of the new groups focus on the energy sector, while the third targets water and wastewater utilities. All three leverage living-off-the-land techniques, using legitimate remote access tools already present in OT environments rather than deploying custom malware. This makes detection significantly harder for traditional signature-based defenses.

Legacy system vulnerabilities remain the structural weakness. Over 70% of industrial sites surveyed still operate at least one Windows system past end-of-life, and 40% lack any network monitoring on their OT segments. The report notes that many organizations have purchased security tools but have not operationalized them due to staffing shortages and configuration complexity.

What This Means for Engineers

The 96% IT-origin statistic should reshape how you prioritize security investments. If your OT network lacks proper segmentation from the IT domain, that is the single highest-impact remediation you can undertake. Secondarily, establish network visibility on the OT side. You cannot defend what you cannot see. The Dragos data makes one thing clear: the threat is not hypothetical. With 60% of industrial organizations already affected, the question is whether your facility has the monitoring and segmentation to detect lateral movement before it reaches critical process systems.
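One way to check segmentation from flow data, as an added example that is not from the Dragos report or this article: it classifies each flow by zone and flags any IT-to-OT crossing that bypasses the permitted conduits, marking remote-access ports separately. The subnets, the allowed-conduit policy and the flow records are constructed assumptions to be replaced with the site's own.

```python
import ipaddress

# Constructed zone map (assumption); substitute the site's real subnets.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.50.0.0/24"),
    "OT": ipaddress.ip_network("10.90.0.0/16"),
}
# Conduits a hypothetical segmentation policy permits: (src zone, dst zone, dst port).
ALLOWED = {("IT", "DMZ", 443), ("DMZ", "OT", 3389), ("OT", "DMZ", 443)}
# Default ports of common remote-access services: SSH, RDP, VNC, WinRM.
REMOTE_ACCESS_PORTS = {22, 3389, 5900, 5985, 5986}

# Constructed flow records, one per line: src_ip dst_ip dst_port
SAMPLE_FLOWS = """\
10.10.4.21 10.50.0.10 443
10.50.0.10 10.90.1.5 3389
10.10.4.21 10.90.1.5 3389
10.10.7.33 10.90.2.40 502
10.50.0.10 10.90.1.5 5900
10.90.1.5 10.50.0.20 443
10.10.4.21 10.10.9.9 445
malformed line
"""

def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if outside every subnet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "UNKNOWN")

def audit_flows(text):
    """Return cross-zone flows that no allowed conduit covers."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip records that do not parse
        src, dst, port = parts[0], parts[1], int(parts[2])
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz or (sz, dz, port) in ALLOWED:
            continue  # intra-zone traffic or a permitted conduit
        findings.append({
            "src": src, "dst": dst, "port": port, "path": f"{sz}->{dz}",
            # A flow that reaches OT without passing the DMZ bypasses segmentation.
            "severity": "high" if dz == "OT" and sz != "DMZ" else "medium",
            "remote_access": port in REMOTE_ACCESS_PORTS,
        })
    return findings
```

Calling `audit_flows(SAMPLE_FLOWS)` returns three findings: two direct IT-to-OT flows (RDP on 3389 and Modbus on 502) and one DMZ-to-OT VNC session that the policy does not list.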
