Since 2020, Forescout Research – Vedere Labs has tracked the riskiest connected devices across enterprise networks using telemetry from the Forescout Device Cloud. The 2026 findings reveal an attack surface that is broader, faster-moving, and harder to manage than at any point in this research’s history.
Attackers are no longer focusing narrowly on traditional IT. They are actively targeting a growing range of device categories — many of which are difficult to inventory, harden, or patch consistently. Here is a snapshot of how quickly things have changed:
- 11 device types appear on this year’s list for the first time.
- 40% of the riskiest device types were not on the list a year ago.
- 75% were not on it two years ago.
The attack surface is not just expanding. It is accelerating.
The Riskiest Devices of 2026
For the 2026 edition, we continue our data-driven approach, analyzing millions of devices with our multifactor risk scoring methodology to assess the most at-risk device types in enterprise environments.
The table below lists these device types for 2026. New entries are in blue. Recurring entries are highlighted as follows: red indicates they moved up in the rankings from 2025, green indicates they moved down.
| IT | IoT | OT | IoMT |
|---|---|---|---|
| Router | VoIP System | Power Distribution Unit (PDU) | Medication Dispensing System |
| Serial-to-IP Converter | Printer | Physical Access Control System | Medical Image Printer |
| Workstation | Time Clock | Uninterruptible Power Supply (UPS) | DICOM Gateway |
| Firewall | Network Video Recorder (NVR) | I/O Module | MRI Scanner |
| Domain Controller | RFID Reader | BACnet Router | Healthcare Workstation |
Of the 20 riskiest device types identified in 2026, nine also appeared in the 2025 report:
- Routers, VoIP systems and UPS devices have appeared consistently since 2022.
  - Routers moved from fifth (2025) to first (2026) in IT. They were also first in 2024 and 2022, and third in 2023.
  - VoIP systems moved from third (2025) to first (2026) in IoT. They were second in 2024, fifth in 2023, and second in 2022.
  - UPS devices moved from fifth (2025) to third (2026) in OT. They were first in that category in 2024 and 2023, up from third in 2022.
- Domain controllers, firewalls and NVRs first appeared in 2024.
  - Firewalls moved from third (2025) to fourth (2026) in IT.
  - Domain controllers moved from fourth (2025) to fifth (2026) in IT.
  - NVRs moved from first (2025) to fourth (2026) in IoT.
- Physical access control systems and imaging systems appeared last year, and healthcare workstations also appeared in 2025 and 2023.
  - Physical access control systems moved from fourth (2025) to second (2026) in OT.
  - In 2025, imaging devices ranked first in IoMT; in 2026, MRI scanners appear as a named device type and rank fifth (2026) in IoMT.
  - Healthcare workstations moved from third (2025) to fifth (2026) in IoMT.
Full details of the riskiest device types in 2026 are available in the full report.
Other Key Findings
- Financial services and government show materially higher average risk than other industries in our dataset:
  - Financial services risk is more than three times that of retail.
  - Government risk is more than double that of manufacturing.
  - The gap between these two sectors and the rest of the field is stark.
- Operating system (OS) fragmentation is widening the attack surface:
  - Special-purpose OSes dominate in government, healthcare, and retail.
  - Traditional IT OSes remain dominant in financial services and manufacturing.
  - Mobile OSes have declined to the point that they are meaningfully represented only in healthcare (8% of devices).
- The end of Windows 10 support is reshaping the legacy OS landscape:
  - Legacy Windows OSes are most prevalent in retail (39%), healthcare (35%), and financial services (29%).
  - Printers, switches, and IP phones most commonly run outdated or unsupported firmware and are frequently overlooked in patch management programs.
- Protocol exposure is shifting from IT to embedded management access:
  - RDP and SMB have stabilized or declined across nearly every industry.
  - SSH and Telnet are rising across most industries, signaling growing exposure of OT and IoT infrastructure management interfaces.
- Credential and vulnerability hygiene remain persistent weaknesses:
  - Default credentials are most common on printers, print servers, PLCs, and serial-to-IP converters.
  - Routers and switches average 32 vulnerabilities per device. They account for 34% of devices with the most critical vulnerabilities, making them among the most exposed and consequential targets on the network.
For the complete picture, access the full report.
How to Mitigate Device Risk
The attack surface in modern organizations spans IT, IoT, and OT, with the Internet of Medical Things adding complexity in healthcare. Focusing security efforts on a single domain is no longer sufficient: attackers exploit weaknesses across multiple environments and pivot between them. From ransomware targeting IP cameras and routers to IT malware infecting OT workstations and IoT botnets with credentials for medical systems, the impact is real.
The report assessed the current risk across this expanded attack surface and identified the riskiest connected devices that warrant priority attention. Effective defense requires security strategies that identify, prioritize, and reduce risk across IT, OT, IoT, and IoMT — rather than manage each domain in isolation. As threat actors increasingly target network infrastructure and other less-protected devices alongside traditional endpoints, organizations need a consistent approach to risk and exposure management across all connected devices.
Mitigation should also scale beyond assessment. Organizations benefit from automated controls that operate across the enterprise, not only within isolated IT, OT, or IoT environments. Do not rely exclusively on endpoint agents. To be sustainable, controls should support continuous risk reduction, enforcement, and verification across interconnected systems.