A ransomware attack on Jaguar Land Rover’s operational technology last year disrupted its manufacturing processes, costing the company hundreds of millions of dollars in lost revenue and impacting its suppliers.
Organizations can expect to see more of these types of attacks, security specialists say. State-aligned and other bad actors are stepping up exploitation of building systems and other types of operational technology because they’re seen as easy targets.
“Building management systems and critical environments … were not built with security in mind,” Noam Moshe, head of Team82 at security company Claroty, told Facilities Dive in March. Team 82 conducts threat vulnerability research. Critical environments are highly controlled spaces where factors like temperature, humidity, air quality and particle counts are strictly regulated to protect products, processes and people.
“Most industrial organizations haven’t implemented meaningful OT segmentation at all,” Benny Lakunishok, CEO and co-founder of cybersecurity firm Zero Networks, said in a statement.
OT segmentation is a security strategy in which facilities separate their building systems and other operational technology from their organization’s broader network, making it harder for bad actors to use these OT systems to access an organization's high-value IT systems.
Increasing threat
Because of the wars in Iran and Ukraine, among other global geopolitical conflicts, state-aligned bad actors are looking for easy targets for disruption — which often means organizations’ operational systems, even when the organization isn’t considered a high-value target, according to Moshe.
“We are seeing a very big influx with less-sophisticated attackers that, essentially, exploit these insecure-by-design mechanisms,” Moshe said.
Zero Networks said Wednesday its operational technology customers grew 80% year over year, with 26% of its new deals including OT environments.
“Zero Networks’ rapid growth reflects a broader market shift as … operators seek practical ways to segment industrial networks and secure converged IT and OT environments amid escalating threats and mounting regulatory pressure,” the company said.
Almost 40% of its customers have added its services to their operational technology after focusing first on their IT systems, which the company says is indicative of how the threat landscape is changing and how costly and disruptive an OT breach can be.
“In OT environments, the impact is not just data loss — but downtime, safety risk and revenue disruption,” it said.
The company pointed to the losses Jaguar Land Rover sustained from its breach as an example. The attack halted “production across multiple plants and [drove] billions in economic impact,” Zero Networks said.
Moshe said in an interview that organizations can expect to see more attacks like these. “There’s a big shift,” he said. “In the past, we would think about an attack on critical infrastructure as very pinpoint, looking for a specific target. … We are now seeing a different approach of [attackers] essentially going [after] whomever is exposed. Attackers don’t care anymore who their target is, except for it being in a specific country.”
A 2026 resiliency insights report by WiredScore underscores the rising threat. “The speed of digitization is far outpacing the speed of cybersecurity enhancements,” the report said. WiredScore is a global certification body for digital connectivity and smart building performance.
“A single compromise can cascade into operational disruption,” Zero Networks warns.
