Waterfall Security

In 2025, 57 cyber attacks caused real-world damage in heavy industry, world-wide. This is a 25% drop from 2024, but that’s the tip of the iceberg

Most of this reduction is because of temporary factors affecting ransomware attacks. Nation-state and hacktivist attacks doubled, with most attacks targeting critical infrastructures. 

This is the only industry report focused exclusively on verified cyber incidents with physical consequences. The data set is public, all the incidents we use are included in the report’s appendix with links to public news reports.

Highlighted attacks include:

• Jaguar / LandRover – the most costly production shutdown in a decade,
• Colins Aerospace – a crippled software system caused flight cancellations and delays for weeks – highlighting the need for rapid recovery or manual fall-backs for critical systems operated and managed by third parties,
• Grounded and mis-directed ships – again highlighted the need for multiple independent checks on important external inputs, such as GPS signals, and
• Polish distributed generation – a near miss because the lights stayed on, an example of the Russian nation state targeting European critical infrastructures, and a cautionary tale about “bricking” control equipment. 

On Wed. March 25th, join Greg Hale of ICS Strive and Andrew Ginter of Waterfall Security, to explore what lies beneath all of 2025's OT breaches with physical consequences.

Key Takeaways:

Record-breaking costs of consequences

What is behind the drop in ransomware attacks

 Key defensive developments of 2025, in light of these threats