Zscaler ThreatLabz 2023 Enterprise IoT & OT Threat Report

In-depth analysis of real-world IoT and OT trends and cyberthreat data
Growing Risk

IoT and OT are growing targets for cyberattacks

Internet of things (IoT) devices may be getting physically smaller, but the security risks stemming from them are getting bigger. As these devices proliferate, converge with operational technology (OT) systems, and connect to enterprise networks, attack surfaces are dramatically expanding. This is nothing new—but it is introducing new threats.

Key findings
Consumer IoT makes up nearly 50% of devices in the enterprise

Consumer IoT devices like set-top boxes and smart TVs send the most traffic to the Zscaler cloud, demonstrating the prevalence of these often unsanctioned shadow IoT devices on corporate networks.

Almost two-thirds of IoT transactions use TLS/SSL

Encouragingly, 62.1% of IoT transactions now use TLS/SSL encryption, far more than the 17% in our previous report. However, full visibility and inspection are critical as threat actors exploit encrypted traffic.

IoT malware attacks are up 400% year-over-year

We’ve seen a massive 5x increase in IoT malware attacks since 2022, involving over 350 attack payloads. The Mirai and Gafgyt families remain dominant, underscoring the persistent risk of IoT botnets.

report insights

Learn about the latest IoT and OT trends, threats, and defense strategies

Get valuable insights into the state of connected devices and the latest risks, based on the ThreatLabz team’s analysis of device traffic and IoT malware data from the world’s largest inline security cloud.

Download the 2023 Enterprise IoT and OT Threat Report for the full analysis, including: 


  • A breakdown of the IoT threat landscape
  • Key malware families and vulnerabilities driving IoT and OT attacks
  • Which devices are most vulnerable to compromise 
  • Actionable best practices to defend against IoT malware and other threats
  • Predictions for 2024 and beyond
Secure IoT and OT

Secure your IoT and OT with zero trust

Most devices lack security controls and don’t need to connect to enterprise networks, let alone have access to sensitive data. A true zero trust architecture, based on granular least-privileged access, is key to using IoT and OT safely.

Read the report to learn how the Zscaler Zero Trust Exchange™ secures remote access to OT systems, eliminates IoT blind spots, prevents compromise, and protects corporate data.

dots pattern

Get the report

Download the Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report for our complete findings and expert insights.