The Internet of Things (IoT) continues to expand at an unprecedented rate, bringing tremendous operational benefits alongside equally significant security risks. As organizations deploy more connected devices across their networks, the attack surface grows exponentially. This comprehensive breakdown of IoT security statistics reveals the scale of the challenge facing enterprises today.
Key Takeaways
- Connected devices now number over 21 billion globally, projected to reach 39 billion by 2030
- Organizations face an average of 820,000 IoT attacks daily, a 46% increase from the previous year
- More than 50% of all IoT devices contain critical vulnerabilities that attackers can exploit immediately
- Routers account for over 75% of all IoT-related cyberattacks
- The healthcare sector experiences the highest breach costs at $10 million per incident
- IoT malware attacks surged 124% year-over-year
- The United States accounts for 54% of observed IoT attacks globally
- One in three data breaches now involves an IoT device as the initial entry point
- Unpatched firmware is responsible for 60% of IoT security breaches
IoT Device Deployment by Industry
Organizations across different sectors are adopting IoT at varying rates, creating distinct risk profiles based on device density and types. Healthcare leads in device density due to the proliferation of Internet of Medical Things (IoMT) equipment, while manufacturing environments contain the widest range of device types from legacy controllers to modern AI-enabled sensors.
Sector | Average IoT Devices per Organization | Primary Device Types | Year-over-Year Growth |
|---|---|---|---|
Healthcare | 15,000–25,000 | Medical devices, patient monitors, infusion pumps | 18% |
Manufacturing | 10,000–50,000 | Industrial sensors, robotic controllers, PLCs | 16% |
Education | 8,000–20,000 | Smart boards, campus sensors, access controls | 22% |
Retail | 5,000–15,000 | Point-of-sale systems, inventory trackers, cameras | 14% |
Financial Services | 3,000–8,000 | Building management, security systems, ATMs | 11% |
Energy & Utilities | 5,000–12,000 | Smart meters, grid sensors, monitoring equipment | 25% |
Government | 4,000–10,000 | City infrastructure, surveillance, access control | 19% |
Transportation | 6,000–18,000 | Fleet trackers, logistics sensors, smart terminals | 21% |
Key Insights:
- The Energy & Utilities and Education sectors are experiencing the fastest IoT expansion, with year-over-year growth of 25% and 22%, respectively, reflecting high adoption of smart infrastructure and connected devices.
- Healthcare maintains the largest IoT deployment per organization, ranging from 15,000 to 25,000 devices, driven by extensive use of medical devices, patient monitors, and infusion pumps.
Vulnerability Rates by Device Category
More than 50% of IoT devices contain critical vulnerabilities that hackers can exploit without authentication. Routers present the highest risk profile, with nearly two-thirds containing exploitable vulnerabilities. The situation worsens because 32% of deployed routers run on unsupported firmware that will never receive security patches.
Device Category | Percentage with Critical Vulnerabilities | Average CVEs per Device Type | Median Time to Patch |
|---|---|---|---|
Routers | 62% | 12.3 | Never (32% unsupported) |
IP Cameras | 58% | 8.7 | 180+ days |
Network Video Recorders | 55% | 9.2 | 120+ days |
Medical Devices | 52% | 6.4 | 90+ days |
Building Management Systems | 48% | 7.8 | 60+ days |
Industrial Controllers | 45% | 11.6 | 45+ days |
Network Attached Storage | 43% | 10.1 | 90+ days |
Smart TVs | 41% | 5.8 | Never (48% unsupported) |
Access Control Systems | 39% | 7.2 | 75+ days |
Printers | 37% | 6.9 | 120+ days |
Key Insight:
- Medical devices face unique challenges. While they contain fewer total vulnerabilities than routers, the consequences of exploitation are far more severe, with healthcare IoT breaches averaging $10 million per incident.
Attack Distribution by Industry Sector
Manufacturing and transportation sectors combined account for 40% of all IoT malware incidents. Attackers target these industries because operational disruption creates immediate financial pressure. The energy sector experienced a staggering 459% increase in IoT-based attacks from mid-2024 to mid-2025, reflecting both increased device deployment and heightened interest from nation-state threat actors.
Industry | Percentage of Total IoT Attacks | Most Targeted Devices | Primary Attack Types | Average Cost per Incident |
|---|---|---|---|---|
Manufacturing | 20% | Industrial sensors, PLCs | Ransomware, disruption | $4.2M |
Transportation | 20% | Fleet trackers, logistics sensors | Data theft, disruption | $3.8M |
Healthcare | 16% | Medical devices, cameras | Ransomware, data theft | $10.0M |
Energy & Utilities | 14% | Smart meters, grid sensors | Sabotage, espionage | $5.6M |
Retail | 12% | POS systems, inventory trackers | Data theft, fraud | $2.9M |
Education | 8% | Campus IoT, access controls | DDoS, data theft | $1.8M |
Financial Services | 6% | ATMs, building systems | Data theft, fraud | $6.4M |
Government | 4% | City infrastructure, sensors | Espionage, disruption | $4.7M |
Key Insights:
- Healthcare and Financial Services face the highest per-incident costs, highlighting the critical nature of securing sensitive data and devices in these sectors.
- Manufacturing and Transportation are the most frequent targets, emphasizing the need for operational continuity and protection of industrial IoT systems.
IoT Security Spending by Sector
Global cybersecurity spending reached $213 billion in 2025, with IoT security accounting for a growing share of that investment. Healthcare and financial services dedicate the highest per-device security spending due to regulatory requirements, while manufacturing allocates lower per-device spending but manages far larger device populations.
Sector | Average IoT Security Spend per Device | Percentage of IT Budget | Primary Investment Areas | Projected 2026 Increase |
|---|---|---|---|---|
Energy & Utilities | $110 - $160 | 20% | Critical infrastructure protection, monitoring | 28% |
Financial Services | $95 - $140 | 22% | Zero trust, monitoring, incident response | 24% |
Healthcare | $85 - $120 | 18% | Device visibility, segmentation, compliance | 22% |
Government | $70 - $105 | 16% | Critical infrastructure, compliance | 26% |
Manufacturing | $45 - $75 | 12% | OT security, network segmentation | 19% |
Retail | $40 - $65 | 11% | POS security, network monitoring | 17% |
Education | $35 - $55 | 9% | Device management, basic security | 15% |
Transportation | $50 - $80 | 13% | Fleet security, logistics | 20% |
Key Insights:
- Energy companies invest heavily due to critical infrastructure designation and the potential for catastrophic physical consequences from cyberattacks.
- HIPAA compliance for medical devices drives significant investment in healthcare.
About ORDR
ORDR provides AI-powered asset intelligence and automated zero-trust security for connected devices across healthcare, manufacturing, and enterprise environments. The platform delivers real-time visibility into every IT, IoT, OT, and IoMT asset, enabling security teams to discover unknown devices, assess risk, and automatically enforce protective policies.
With customers including Cleveland Clinic, CHRISTUS Health, and major manufacturing organizations, ORDR helps security teams bring order to the chaos of connected device proliferation. The platform's passive network analysis identifies device types, communication patterns, and vulnerabilities without requiring agents or impacting operations.
For more guidance on IoT security planning and investment strategies, contact our team to discuss your organization’s needs and explore tailored solutions.
Sources
- Bitdefender. "The 2025 IoT Security Landscape Report."
- JumpCloud. "IoT Security Risks: Stats and Trends to Know in 2025."
- IoT Analytics. "Number of connected IoT devices growing 14% to 21.1 billion globally."
- Forescout. "Forescout's 2025 report reveals surge in device vulnerabilities across IT, IoT, OT, and IoMT."
- EInfochips. "Impact of IoT Security on Different Domains in 2025."
- DeXpose. "IoT Hacking Statistics 2026."
- Gartner. "Gartner Forecasts Worldwide End-User Spending on Information Security to Total $213 Billion in 2025."
- Fortune Business Insights. "Internet of Things (IoT) in Healthcare Market.”