
Dragos Report: $300B+ in Global OT Cyber Risk Exposure


  • August 12, 2025

Dragos Inc., a leader in operational technology (OT) cybersecurity, has released its 2025 OT Security Financial Risk Report, conducted with Marsh McLennan’s Cyber Risk Intelligence Center. Unveiled on August 12, 2025, this first-of-its-kind analysis quantifies the financial impact of OT cyber incidents, highlighting a potential $329.5 billion in global risk and identifying key controls to mitigate losses.

Quick Intel

  • Dragos’ 2025 report estimates $329.5B in global OT cyber risk exposure.
  • Indirect losses account for 70% of OT-related breach impacts.
  • Incident response planning reduces risk by up to 18.5%.
  • Defensible architecture and network monitoring cut risk by up to 17.09% and 16.47%, respectively.
  • Report leverages a decade of breach and insurance claims data.
  • Aligns with SANS ICS Five Critical Controls for risk reduction.

Quantifying OT Cyber Risk

The report reveals that OT cyber incidents pose a staggering $329.5 billion in potential global financial risk, with $172.4 billion attributed to business interruptions in a severe 1-in-250-year scenario. “Executives are increasingly accountable for managing cyber risks, but many still lack a clear line of sight into OT environments,” said Robert M. Lee, CEO and Co-founder, Dragos Inc. “The ability to quantify OT cyber risk and correlate it to potential financial losses is a game-changer.” The study uses statistical modeling based on tens of thousands of simulations to provide actionable insights.

Key Cybersecurity Controls

Three OT cybersecurity controls stand out for their effectiveness:

  • Incident Response Planning: Achieves up to 18.5% risk reduction through OT-specific scenarios and tabletop exercises.
  • Defensible Architecture: Reduces risk by up to 17.09% with secure system designs.
  • ICS Network Visibility and Monitoring: Cuts risk by up to 16.47% by enhancing threat detection.

“For years, organizations have lacked the context needed to understand OT cyber risk in business and financial terms,” said Mark Stacey, VP, Risk and Resilience Solutions at Dragos. “This study fills that gap—linking real-world financial data with OT-specific security controls.” These controls, aligned with the SANS ICS Five Critical Controls, offer a practical path to risk reduction.

Overcoming Barriers to OT Security

The report identifies three barriers hindering effective OT risk management: undefined financial impact, unclear ROI on security investments, and prioritization challenges. By mapping controls to measurable outcomes, the study provides a framework for executives and insurers to justify investments. “This report offers new visibility into the financial modeling of OT risk and provides insurers and OT operators alike with the confidence to take action,” said Scott Stransky, Head of the Cyber Risk Intelligence Center at Marsh McLennan.

Industry and Regulatory Relevance

With rising OT-targeting malware and regulatory mandates like the SEC’s 8-K cyber incident reporting rules, the need for robust OT security frameworks is critical. The report’s data-driven approach helps organizations prioritize investments that align with compliance requirements and reduce financial exposure, particularly in high-risk sectors like manufacturing and critical infrastructure.

Dragos’ 2025 OT Security Financial Risk Report marks a pivotal step in understanding and mitigating OT cyber risks. By quantifying financial exposure and linking it to proven controls, it empowers organizations to strengthen their defenses and build resilience against evolving threats.

About Dragos, Inc.

Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. After nearly a decade of real-world experience handling landmark attacks on OT networks, Dragos understands the complexity and risks of industrial environments, which operate on massive scale with unique systems and exacting availability requirements and are not protected by IT cybersecurity.
