Forescout recently published its fifth annual ‘Riskiest Connected Devices of 2025’ report, which analyses millions of devices in Forescout’s Device Cloud using the company’s multifactor risk scoring methodology to assess the most vulnerable devices in enterprise networks based on each device’s configuration (vulnerabilities and open ports), criticality to the business and internet exposure.
This year’s report analyses the five riskiest device types globally across IT, Internet of Things (IoT), Operational Technology (OT), and Internet of Medical Things (IoMT) and industry verticals. Key findings in the report reveal a 15% year-over-year increase in average device risk, and that routers account for over 50% of devices with the most dangerous vulnerabilities. The findings also showed that retail was the sector with the riskiest devices on average, followed by financial services, government, healthcare, and manufacturing.
Since 2020, Forescout Research – Vedere Labs has been monitoring the riskiest devices in organisational networks, using data sourced directly from the devices themselves. Its latest findings from the report reveal a growing shift in the threat landscape, with network infrastructure—particularly routers—continuing to outpace endpoints as the riskiest IT devices since 2023.
Cyber attackers are rapidly exploiting newly discovered vulnerabilities in these devices through large-scale attack campaigns, with 12 new device types, including four new IoMT devices, on this year’s list. This marks the largest year-over-year increase Forescout has observed. As the attack surface broadens across IT, IoT, OT, and IoMT environments, siloed security efforts are no longer sufficient.
“We’re handing attackers the keys to critical operations. Cybercriminals are ditching traditional endpoints and targeting the devices that keep our hospitals, factories, governments, and businesses running,” said Barry Mainz, CEO, Forescout. “This year alone, four new types of medical device topped the risk charts. If we don’t secure every IT, IoT, OT, and IoMT device across our networks, the consequences will be devastating.”
The findings were as follows:
- Routers dominate as most vulnerable devices: four new IT device types were added to the 2025 list: Application Delivery Controllers (ADC), Intelligent Platform Management Interfaces (IPMI), Firewalls, and Domain Controllers. IPMI devices are plagued with critical vulnerabilities and domain controllers are among the most critical points in internal networks
- PoS systems emerge as a top target: this year, point of sale (PoS) systems, such as those used in retail stores, made the list. PoS have been targeted by cyber criminals with generic malware such as keyloggers and infostealers to capture sensitive information, as well as dedicated RAM scrapers that search the device’s memory for credit card numbers and other data before encryption
- Universal gateways and historians debut: this year universal gateways and historians, servers dedicated to storing operational process data, appeared for the first time on the list, alongside building management systems (BMS), physical access control systems and uninterruptible power supply devices (UPS)
- Four new device types: four new IoMT device types were added this year: imaging devices, lab equipment, healthcare workstations, and infusion pump controllers
“Today’s threat environment spans IT, IoT, OT, and IoMT—yet too many security solutions operate in silos, leaving dangerous blind spots,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “Beyond regular risk assessments, enterprises need automated controls that cover all assets. Solutions that focus on specific devices fail to deliver the full visibility and security controls needed for these highly complex environments.”
The study reinforces that any organisation not continuously monitoring both traditional and specialised network devices risks becoming the next breach headline. To help companies effectively close these blind spots, Forescout recently launched eyeScope, an easy-to-deploy, Cloud-based visibility and monitoring solution. By uniting eyeScope’s real-time device intelligence with the urgent risk priorities highlighted in the research, Forescout is providing organisations with the data and tools necessary to secure their most vulnerable assets.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.