May 2026 - Operational Technology (OT), which has widespread deployment across sectors, is increasingly coming under attack as the trend of IT/OT convergence continues. IT/OT convergence is the merging of IT, such as data management, with OT capabilities, including industrial control systems. The industrial sector is under particular pressure, as ransomware attacks increasingly target environments where disruption can have real-world consequences, according to new analysis from global cyber security firm NCC Group.
In the 12 months from March 2025, industrial organisations experienced 2,073 ransomware attacks. It was the most targeted industry every month of the period, accounting for 29.6% of all ransomware activity on average. This highlights the focus of threat actors on OT-heavy environments where cyber incidents can halt production, disrupt supply chains and impact public safety.
OT systems - which monitor, control and interact directly with physical processes - are fundamental to industrial operations and form a key component of the UK’s critical national infrastructure. As a result, cyber attacks on OT now present not only a business risk but a national resilience and regulatory concern.
Capital goods (e.g. machine, equipment and infrastructure manufacturers) organisations were particularly affected in the same 12-month period, accounting for 1,192 attacks. Machinery (442 attacks) and construction and engineering (394 attacks) emerged as the most targeted sub-sectors within capital goods, underscoring the vulnerability of OT-dependent environments to ransomware and operational disruption.
Ray Robinson, OT Director at NCC Group, said:
“Our data shows that many organisations continue to prioritise IT security while underestimating the exposure of their operational environments. When OT systems are disrupted, the impact goes far beyond data loss - production can halt, essential services can be disrupted, and in some cases, lives can be put at risk.”
As OT-focused attacks continue to rise, regulatory scrutiny is intensifying. The Network and Information Systems (NIS) Regulations require operators of essential services to implement proportionate technical and organisational measures to manage cyber risk across both IT and OT environments. The Cybersecurity Act and updated sector-specific guidance further strengthen expectations around OT governance, incident reporting, resilience and supply-chain security.
Katarina Sommer, Global Head of Government Affairs and Analyst Relations at NCC Group, added:
“Regulators are increasingly clear that OT environments fall within scope of cyber resilience obligations, particularly where systems support essential services or public safety. Organisations that focus compliance efforts solely on IT risk are exposing themselves to operational, regulatory and safety consequences so it’s key that organisations treat OT risks in the same way they approach IT security.”
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.