Cybersecurity professionals may finally be holding down the fort. However, the latest 2025 Cyberthreat Defense Report from Cyberedge Group suggests that the burden of cyber risk is shifting, and this increasingly includes facilities managers as part of the equation.
About 82 percent of organizations experienced at least one successful cyberattack in the past year, according to the report. This is a figure that has stabilized after nearly a decade of steady increases. Optimism is growing as well: fewer organizations believe a successful attack is likely in the year ahead.
For managers, the more pertinent takeaway is not that attacks are slowing – it is finding where vulnerabilities persist and why defenses still feel stretched out. Mobile devices, Internet of Things (IoT) systems and building-connected technologies remain among the least trusted IT domains. These are exactly the kinds of systems that fall under the purview of facilities teams, from smart HVAC controls and access systems to energy management platforms and connected equipment.
Security teams rated mobile devices as their weakest area, and not because protections declined at all, but because those devices now store more sensitive data. They are also increasingly targeted by more sophisticated attacks. The same logic applies to smart building technologies. As facilities become more connected and data-rich, they become more attractive targets.
Additionally, the report also highlights a persisting confidence gap. While organizations rate their overall cybersecurity posture relatively high, confidence in people and processes declined for the second year in a row. Identity and access management scored well, but areas such as threat detection, third party risk and sure awareness remain weak points.
This matters for managers because people, and not technology, are still considered the weakest link in the security equation. Low security awareness among employees ranked tied in the survey with the lack of skilled professionals as the top barriers to effective cyber defense. Every contractor badge, vendor login, temporary worker or improperly decommissioned access credential represents potential risk that spans both physical and digital spaces.
Ransomware trends also carry implications for facility operations. While the report showed there were fewer organizations paying ransoms, average ransom demands continued to rise. Plus, fewer victims are successfully recovering their data even after paying. This means that resilience planning is key, and that downtime, system lockouts and disrupted building operations become more costly than the ransom itself.
However, there are practices that are working for facilities teams. The report credits improved outcomes to renewed attention to cybersecurity fundamentals, broader adoptions of zero trust principles and increased use of frameworks and standards. Nearly all organizations now rely on at least one cybersecurity framework to assess risk and performance.
As buildings become smarter and more connected, cyber risk becomes operational risk. Ultimately, bridging the gap between IT security and facilities operations is critical for managers helping their organizations hold the line.
Jeff Wardon, Jr., is the assistant editor of the facilities market.
