Bitsight [published](https://www.bitsight.com/blog/2026-global-state-of-ics-ot-exposure) a report on Internet exposure of industrial control systems and operational technology (ICS/OT) for 2025. The study is based on monitoring 15 common ICS/OT protocols and opens with a positive note: the projected increase to 200,000 Internet‑accessible devices did not occur. Still, the global exposure level remains consistently high — around 170,000 such devices were detected each month on average in 2025.

Other key findings:

📊 About half of all Internet‑exposed ICS/OT devices use the Modbus and Niagara FOX protocols. The overall distribution of ICS/OT protocols by exposure frequency has remained stable.

📊 The sharpest growth in exposure was observed for the IEC 104, Apcupsd and ATG protocols. Among individual countries, Lithuania (+107% in IEC 104 devices), Germany (+109% in Apcupsd devices), and Portugal (with simultaneous increases across multiple industrial protocols: BACnet +59%, EtherNet/IP +37%, Modbus +86%, KNX +37%) stand out.

📊 When normalizing Internet‑exposed ICS/OT devices by total industrial power consumption, the highest exposure density appears in countries with relatively small consumption but high OT digitalization. Lithuania, Greece, and Denmark lead this normalized ranking.

>Researchers note that many industrial systems are reachable via IP addresses belonging to internet service providers (fixed, mobile, or satellite), not to specific organizations operating the devices. As a result, even when a vulnerable system is identified, it is often difficult to determine the actual owner and notify them of the risk.
_Unlike traditional IT systems, compromising ICS/OT environments can directly affect physical processes — such as power supply, building automation, and industrial production. Moreover, misconfigurations and identical deployment patterns often scale across multiple sites, turning single vulnerabilities into systemic risks that can impact entire sectors and regions at once. Mitigating this risk requires reducing ICS/OT exposure and improving asset visibility._

Bitsight: ICS/OT exposure has plateaued, but risk is increasing