This year, a dozen brand-new asset types have made the list. It is the single largest year-over-year change observed in the report’s history. We analyzed industry, country, and device data taken directly from Forescout’s Device Cloud — one of the largest global repositories of IT, OT, IoT, and IoMT data in existence.
New riskiest asset types
YoY increase in risk for top 10 countries
Devices analyzed
Operating system versions
Device types highlighted in blue were not present in the 2023 Riskiest Devices report.
| IT | IoT | OT | IoMT | |
|---|---|---|---|---|
| 1 | Application Delivery Controller (ADC) | Network Video Recorder (NVR) | Universal Gateway | Imaging Devices |
| 2 | Intelligent Platform Management Interface (IPMI) | Network Attached Storage (NAS) | Historian | Lab Equipment |
| 3 | Firewall | VoIP Systems | Building Management System (BMS) | Healthcare Workstations |
| 4 | Domain Controller | IP Camera | Physical Access Control Systems | Infusion Pump Controller |
| 5 | Router | Point of Sale (PoS) Systems | Uninterruptible Power Supply (UPS) | Picture Archiving and Communication System (PACS) |
Computers have the highest number of vulnerabilities overall but not the most dangerous ones. Routers surpass computers — accounting for half of the most critical vulnerabilities.
IoMT devices – pump controllers, medication dispensing systems and workstations – have some of the most dangerous vulnerabilities – and highlight healthcare security risks.
Five of the top 10 device types also appear among the riskiest devices. Vulnerabilities are a major risk factor for connected devices. The distinction between total vulnerabilities and highly exploitable ones reinforces why network infrastructure and medical devices are prime attack targets.
Here’s a concerning trend: The use of SSH – which is encrypted – declined across all industries but the use of Telnet – which is not encrypted – increased in every industry. SMB remains the most widely used protocol across all industries.
These five industries have the largest number of connected devices. The gap in risk scores between industries has narrowed — with an overall average risk score of 8.98. This marks a significant 15% increase from 2024’s average of 7.73
We selected the 11 countries where the average device risk was 9 or higher. The average risk per country has increased significantly this year. In 2024, the average risk for the top 10 countries was 6.53. In 2025, it has risen to 9.1 — a 33% increase.
The top three countries with the highest risk are Spain, China, and the UK.
Each device is assigned a risk score between one and 10. After measuring the risk of each individual device, we calculate averages per type of device to understand which types are the riskiest.
