Publicly reported data suggests that truly consequential OT cyber incidents—those not stemming from ransomware on IT or internet-accessible OT systems—are extremely rare. In fact, only a small handful of such events are disclosed each year, and most fall into lower severity or isolated cases. The bulk of OT impacts come indirectly, when IT compromises cascade into operational disruptions or when OT systems are exposed on the Internet without adequate defenses.

However, insiders and security vendors with deeper visibility argue that the real number is significantly higher and growing. Many incidents likely remain unreported due to reputational risks or regulatory constraints. As threat actors improve their capabilities, direct attacks on OT systems are expected to become more frequent—and asset owners must prepare not only to reduce likelihood, but also to manage the impact when such low-frequency, high-consequence events occur.

‍

Source: https://dale-peterson.com/2025/10/01/what-is-the-true-level-of-ot-cyber-incidents/