Industrial organizations under increasing fire as attackers target operational technology

Attacks on operational technology (OT) are surging, according to new research, with industrial organizations the biggest target of ransomware in every single month over the last year.

According to a new analysis from cyber security firm NCC Group, in the 12 months to March 2026, industrial organizations experienced 2,073 ransomware attacks, accounting for 30% of all ransomware activity.

Manufacturers of capital goods such as machine equipment and infrastructure were particularly hard-hit, accounting for 1,192 attacks. Within this industry, machinery was the most-targeted sub-sector, with 442 attacks, followed by construction and engineering with 394.

“Our data shows that many organizations continue to prioritize IT security while underestimating the exposure of their operational environments," said Ray Robinson, OT director at NCC Group.

Latest Videos From

"When OT systems are disrupted, the impact goes far beyond data loss - production can halt, essential services can be disrupted, and in some cases, lives can be put at risk.”

Governments worldwide are growing increasingly concerned about the issue. In the UK, Network and Information Systems (NIS) Regulations require operators of essential services to put proportionate technical and organizational measures in place to manage cyber risk across both IT and OT environments.

Meanwhile, the Cybersecurity Act and sector-specific guidance cover OT governance, incident reporting, resilience, and supply-chain security.

“Regulators are increasingly clear that OT environments fall within scope of cyber resilience obligations, particularly where systems support essential services or public safety," said Katarina Sommer, global head of government affairs and analyst relations at NCC Group.

"Organizations that focus compliance efforts solely on IT risk are exposing themselves to operational, regulatory and safety consequences, so it’s key that organizations treat OT risks in the same way they approach IT security.”

Earlier this year, the National Cyber Security Centre (NCSC), along with US, Australian, Canadian, and European authorities, issued a new guide for OT owners and operators aimed at helping them integrate 12 security considerations into their procurement processes.

These include making sure that the product allows for security and safety logging, has strong authentication controls, protects data, is configured in a secure way by default, and is supported by established vulnerability management processes by the manufacturer.

“As cyber attackers increasingly target operational technology around the world, it has never been more vital for critical infrastructure operators to ensure security is baked into the systems they use," said Jonathon Ellison, NCSC director of national resilience and future technology.

State-backed hackers targeting operational technology

Many attacks on OT systems come from nation state-affiliated actors, with the US Office of the Director of National Intelligence warning in its 2026 Annual Threat Assessment of the US Intelligence Community that China, Russia, Iran, and North Korea will continue to target the sector.

US director of national intelligence, Tulsi Gabbard, said nation state-backed threat groups typically target these systems to collect intelligence, create options for future disruption, and also for financial gain.

"China and Russia present the most persistent and active threats and are continuing their R&D efforts. North Korea’s cyber program is sophisticated and agile," she said.

"In 2025 alone, North Korea’s cryptocurrency heists probably stole $2 billion which is helping to fund the regime, including further development of its strategic weapons programs."

Recent targets have included Jaguar Land Rover (JLR), US water and wastewater systems and electrical subsystems, and the Ukraine power grid.

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.