Nearly 40% of industrial enterprises worldwide now prioritize cybersecurity as a core operational requirement during digital transformation, according to a joint study by Kaspersky Lab and VDC Research1. The findings highlight growing concerns over AI-driven attacks, ransomware, and legacy system vulnerabilities, particularly in critical infrastructure sectors.
Key Findings for Security Leaders
The research reveals that industrial organizations face mounting pressure to secure operational technology (OT) environments. Kaspersky’s data shows a 58% increase in AI-powered supply chain attacks since 2023, with healthcare APIs being a prime target2. Meanwhile, ransomware incidents have risen by 47%, with average ransom demands reaching $1.2 million3.
TL;DR:
- 58% surge in AI-driven supply chain attacks (2023-2025)
- 47% increase in ransomware incidents, averaging $1.2M per payment
- Energy sector faces $2.1T in potential damages from OT vulnerabilities
- 65% of Russian firms rated “low” in cybersecurity readiness
Technical Breakdown of Industrial Threats
Energy sector vulnerabilities dominate the threat landscape. The OMICRON Framework identifies legacy SCADA systems as high-risk targets, particularly Modbus implementations. Researchers provided a Python script for vulnerability scanning:
import nmap
scanner = nmap.PortScanner()
scanner.scan('192.168.1.1', arguments='-p 502 --script modbus-discover')This script checks for exposed Modbus ports (502/TCP) and runs discovery scripts against industrial control systems. The Bastion Report (2024) notes that 65% of Russian industrial firms lack adequate defenses, recommending ISO 27001 adoption for baseline protection4.
Defensive Recommendations
For organizations managing industrial environments:
| Control | Implementation | Reference |
|---|---|---|
| Network Segmentation | Isolate OT systems from IT networks | NIST SP 800-82 |
| Patch Management | Prioritize updates for SCADA components | OMICRON Energy Report |
| Phishing Defenses | Train staff on deepfake voice scams | PwC 2025 Report |
The UN’s Shared Security Operations Center (SOC) model demonstrates effectiveness, having reduced incidents by 72% through automated patching across 41 agencies5. Similar approaches could benefit industrial operators.
Future Outlook
Emerging quantum computing threats and regulatory changes like the EU Cyber Resilience Act (2024) will reshape industrial security requirements. NIST’s CRYSTALS-Kyber algorithm is gaining traction as a post-quantum cryptography standard6.
As digital transformation accelerates, industrial enterprises must balance innovation with robust security frameworks. The 40% prioritization rate for cybersecurity reflects this growing recognition, though significant gaps remain in legacy system protection and threat response capabilities.
References
- Kaspersky Lab & VDC Research, “Industrial Cybersecurity Priorities Survey,” 2025.
- MITRE ATT&CK, “AI-Powered Supply Chain Attacks,” 2025.
- Deloros, “2025 Global Ransomware Survey,” 2025.
- Bastion Report, “Russian Industrial Cybersecurity Readiness,” 2024.
- JIU/REP/2021/3, “UN Shared SOC Implementation,” 2021.
- NIST, “Post-Quantum Cryptography Standards,” 2025.
