
Report

State of CPS Security 2025: Building Management System Exposures

Team82’s analysis of the riskiest exposures to building management systems in critical industries.


In this report, our objective is to provide insights into the riskiest exposures to building management systems (BMS) across asset-intensive enterprises in various sectors, including commercial smart buildings, retail warehousing, data centers, and hospitality organizations that often rely heavily on BMS assets for operational sustainability.

As buildings get “smarter,” building management systems are going to be connected online with greater frequency. Many of these systems do not support cybersecurity features, and direct connectivity to the enterprise network or public internet introduces new risks to the business. Our aim is to identify these exposures and recommend a strategic framework that acts as a remediation plan tailored for action.

Key Findings

From our analysis of more than 467,000 devices in 529 organizations, we identify where organizations are most exposed to known exploited vulnerabilities (KEVs), including KEVs known to have been leveraged in ransomware and extortion attacks, as well as insecure internet connectivity. This specific set of exposures amounts to high-risk BMS that can be accessed remotely by threat actors and contain vulnerabilities actively exploited in the wild. In other words, these exposures collectively pose a real, imminent threat to organizations and are thus the highest priority for remediation efforts.

Identifying the Riskiest BMS Exposures

Team82’s analysis of BMS exposures raises some concern about the numbers and percentages of organizations affected by KEVs—including those used in ransomware attacks—and those where BMS is insecurely connected to the internet. 

For example, 75% of organizations are managing BMS devices with KEVs. The presence of KEVs, especially those linked to known ransomware attacks, should add a measure of urgency in terms of remediation given that these flaws are known to have been exploited in publicly reported attacks. Insecure connectivity, meanwhile, compounds the risk given that most attackers can leverage this type of access as an initial foothold on the network.

Recommendations

We recommend the following five-step action plan to curb the impact of BMS exposures. The plan provides a strategic framework beyond traditional vulnerability management and presents cybersecurity decision-makers and asset owners with a true assessment of their security posture, as well as a remediation plan tailored for action by risk management teams and understandable by executives:
