Since 2020, Forescout Research – Vedere Labs has been monitoring the riskiest devices in organizational networks using data sourced directly from 19 million devices within our Device Cloud. This marks our fifth report in six years.
Attackers continue to find unique ways to enter networks.
Back in 2018, a casino’s network was hacked through an internet-enabled fish tank. Today, the Akira ransomware gang used IP cameras to launch malware to bypass EDR detections — something we demonstrated in our R4IoT research in 2022.
Our latest findings confirm a trend first noted last year: Network equipment, especially routers, has overtaken endpoints as the riskiest category of IT devices. This shift is driven by increased threat actor focus. Adversaries can rapidly identify and exploit new vulnerabilities in networking devices with large-scale attack campaigns.
Meanwhile, 12 new device types are making a first appearance — marking the largest year-over-year change observed to date. This underscores attackers’ growing interest in targeting emerging device types.
The Riskiest Devices of 2025
For the 2025 edition, we continue our data-driven approach, analyzing millions of devices in Forescout’s Device Cloud using our multifactor risk scoring methodology to assess the most vulnerable devices in enterprise networks.
The table below shows which are these devices in 2025, with the new entries shown in blue.
| IT | IoT | OT | IoMT | |
|---|---|---|---|---|
| 1 | Application Delivery Controller (ADC) | Network Video Recorder (NVR) | Universal Gateway | Imaging Devices |
| 2 | Intelligent Platform Management Interface (IPMI) | Network Attached Storage (NAS) | Historian | Lab Equipment |
| 3 | Firewall | VoIP Systems | Building Management System (BMS) | Healthcare Workstations |
| 4 | Domain Controller | IP Camera | Physical Access Control Systems | Infusion Pump Controller |
| 5 | Router | Point of Sale (PoS) Systems | Uninterruptible Power Supply (UPS) | Picture Archiving and Communication System (PACS) |
Of the 20 riskiest device types identified in 2025, only eight were also featured in the 2024 report (and still remain on the list):
- Routers, VoIP systems, IP cameras, and UPS devices have consistently appeared since 2022
- NAS and BMS have remained since 2023
- NVR and PACS first appeared in 2024
Details of the riskiest device types in 2025 are available in the full report.
Other Key Findings
- Retail has the riskiest devices on average, followed by financial services, government, healthcare, and manufacturing.
- Industry-wide risk levels have increased by 15%
- The gap in risk scores between industry sectors is now minimal.
- The top three countries with the riskiest devices on average are Spain, China and the UK.
- As with industries, average risk per country rose (by 33%)
- Differences between individual countries narrowed
- Special-purpose operating systems (e.g. embedded firmware), are now more prevalent than mobile OSes across all industries
- The highest concentrations are in healthcare (16%), government (14%) and manufacturing (12%)
- The presence of these OSes grew in these three industries year-over-year
- Government has had the sharpest rise — from 8.6% last year to 14%
For the complete picture, including a breakdown of riskiest devices by Legacy Windows version, the most frequently vulnerable device type, and research methodology access the full report.
How to Mitigate Device Risk
The attack surface in modern organizations now spans IT, IoT and OT — with IoMT adding another layer of complexity in healthcare. Focusing security efforts on a single category is insufficient, as attackers exploit devices across different domains to execute attacks.
To defend the attack surface effectively, organizations must adopt modern security strategies that address risk across all device categories. A comprehensive risk and exposure management strategy must identify, prioritize and mitigate risk across IT, OT, IoT and IoMT — rather than treat them as silos. Avoid solutions that only address specific devices as these fail to provide a complete picture of risk. For example, OT or IoMT-only solutions cannot effectively assess IT risk, just as IT-focused tools lack visibility into specialized devices.
How Forescout Can Help
This report highlights that devices across every category can be prime targets for cybercriminals. Today, Forescout has announced the launch of the Forescout 4D Platform™ — a scalable solution spanning the four dimensions of today’s asset-rich and complex networks: Visibility, Assessment, Response, and Governance.
Whether cloud-based, on-premises, air-gapped, or cyber-physical systems, our new platform unifies asset intelligence and control with unrivaled cybersecurity depth, breadth, and economy of scale. The Forescout 4D Platform™ uses artificial intelligence and machine learning combined with threat intelligence in the Forescout Cloud to help limit device risk.
As part of this new platform, a new, cloud-based solution has also been launched: eyeScope. With built-in enterprise management and generative-AI reporting, organizations will instantly discover, classify, and monitor across IT, OT, IoT, or IoMT. Get a centralized view of all assets to monitor devices across multiple locations — seamlessly.
The Forescout 4D Platform™ with eyeScope delivers unified visibility and health monitoring for siloed cyber assets, so organizations can identify risky devices quickly and take immediate action. Security teams will now have a consolidated, up-to-date view of their device and compliance landscape – in context – installed in a fraction of the time of on-prem-only solutions.