Forescout has released new research warning that industrial control systems (ICS) are facing unprecedented levels of cyber risk, with 2025 marking the highest number of recorded vulnerabilities to date.
The report, ICS Cybersecurity in 2026: Vulnerabilities and the Path Forward, reveals that 508 ICS advisories were published in 2025, covering a total of 2,155 vulnerabilities, marking a record high. At the same time, severity levels are rising sharply, underscoring mounting risks to critical infrastructure worldwide.
According to the findings, the average Common Vulnerability Scoring System (CVSS) score has climbed to 8.07, representing a 25% increase since 2010. Notably, 82% of advisories are now classified as high or critical severity.
The most vulnerable assets include field controllers, programmable logic controllers (PLCs) and SCADA systems, core components that underpin industrial operations across sectors such as manufacturing, energy, transportation and healthcare.
Visibility Gaps Create Dangerous Blind Spots
Beyond the rising volume and severity of vulnerabilities, Forescout’s research highlights a concerning lack of coordinated visibility.
In 2025 alone, 134 vendors disclosed vulnerabilities without corresponding advisories from the US Cybersecurity and Infrastructure Security Agency (CISA). Of these, 61% were rated high or critical. This disconnect creates potential blind spots for defenders who rely on centralised advisories to prioritise remediation and risk management.
Manufacturing, energy and transportation remain the most targeted sectors, reflecting their reliance on interconnected operational technology (OT) environments and legacy systems. However, healthcare has now surged to become the fourth most affected sector, signalling an expansion of industrial-style risk into environments traditionally viewed through an IT security lens.
A 15-Year View of Escalating Risk
Drawing on more than 15 years of ICS advisory data, the report combines long-term trend analysis with sector-specific insights and expert commentary. The research paints a clear picture: industrial environments are becoming more connected, more exposed and more difficult to defend using traditional approaches.
As digital transformation accelerates across critical infrastructure, legacy OT systems are increasingly integrated with IT networks and cloud-connected services. While this brings operational efficiencies, it also expands the attack surface and exposes industrial environments to threats previously confined to enterprise IT.
The Path Forward
The report outlines practical mitigation strategies aimed at reducing exposure and strengthening resilience. Key recommendations include:
-
Improving asset visibility across IT and OT environments
-
Strengthening vulnerability prioritisation processes based on exploitability and operational impact
-
Closing advisory and disclosure gaps through better coordination between vendors and government agencies
-
Accelerating patch management where feasible, while deploying compensating controls in environments where patching is not operationally possible
The findings reinforce a growing consensus within the cybersecurity community that securing critical infrastructure requires continuous monitoring, cross-sector collaboration and a shift from reactive patching to proactive risk management.




