Skip to main content
HomeTopicsCritical Infrastructure

Critical Infrastructure

We've curated 18 cybersecurity statistics about Critical Infrastructure to help you understand how essential systems like power grids and water supplies are becoming increasingly vulnerable to cyberattacks in 2025.

Showing 1-18 of 18 results

Energy, oil/gas, and utilities reported an 80% breach rate and federal/central government report a 78% breach rate, the highest across industries surveyed.

Sophos5/27/2026
GovernmentIdentity Attack

Nearly 70% of organizations operate in manufacturing and critical infrastructure sectors under shared IT/OT governance models.

Secomea5/27/2026
IT/OT GovernanceIndustrial Security

Where IT/OT alignment weakens in organizations in manufacturing and critical infrastructure sectors, vendor-related incident exposure nearly triples.

Secomea5/27/2026
IT/OT GovernanceVendor Risk

Organizations in manufacturing and critical infrastructure sectors implementing all five core Zero Trust principles reach visibility levels not achieved through tooling alone.

Secomea5/27/2026
Zero TrustSession Visibility

Organizations in manufacturing and critical infrastructure sectors using three or more remote access tools report lower session visibility and higher friction than organizations operating consolidated environments.

Secomea5/27/2026
Tool FragmentationRemote Access

Only 43% of organizations in manufacturing and critical infrastructure sectors report full audit trails of vendor sessions.

Secomea5/27/2026
AuditabilityVendor Access

Organizations in manufacturing and critical infrastructure sectors managing 21–100 external vendors report the highest incident exposure levels.

Secomea5/27/2026
Vendor AccessVendor Risk

96% of Chief Information Security Officers (CISOs) agree that the convergence of operational technology (OT) and information technology (IT) security is essential for protecting critical infrastructure from emerging threats.

Trellix12/13/2025
CISOOT/IT Convergence

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

Trellix11/22/2025
Operational technologyRansomware

The energy sector experienced a 387% increase in attacks compared to the previous year.

ZScaler11/9/2025
Energy Sector

In 2025, 50% of all ransomware attacks are projected to target critical infrastructure, highlighting the urgent need for enhanced cyber resilience strategies.

KELA10/21/2025
Ransomwarecritical infrastructure

In 2025, 2,332 ransomware incidents targeted critical infrastructure, accounting for 50% of all incidents, compared to 1,745 incidents, which accounted for 54%, in 2024.

KELA10/21/2025
RansomwareCritical infrastructure

From January 1 to September 1, 2024, there were 3,219 total recorded ransomware incidents, with 1,745 incidents (54%) targeting critical sectors.

KELA10/21/2025
Ransomwarecritical infrastructure

In 2025, the United States accounted for roughly 1,000 ransomware incidents targeting critical infrastructure, representing 21% of all global ransomware attacks.

KELA10/21/2025
RansomwareGeography

From January 1 to September 1, 2025, there were 4,701 recorded ransomware incidents, with 2,332 incidents (50%) targeting critical sectors such as manufacturing, healthcare, energy, transportation, and financial services.

KELA10/21/2025
Ransomwarecritical infrastructure

41% of business and tech leaders prioritise changes in critical infrastructure location in response to the current geopolitical landscape.

pwc10/1/2025

Critical infrastructure remains a prime target for hactivist groups. Specifically: 44 attacks targeted government entities, including military services, 21% of attacks focused on the transportation and logistics sector, and 21% of attacks focused on the transportation and logistics sector..

Forescout4/29/2025
HacktivismCritical infrastructure

72% of IT leaders believe that the cyber capabilities of nation-state actors have the potential to trigger a full-scale cyberwar, with devastating consequences for global critical infrastructure.

Armis4/8/2025
CyberwarfareCritical infrastructure