The devices winning the race to get hacked in 2026

Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently.

(Source: Forescout)

Forescout’s 2026 Riskiest Devices research maps that shift in IT, IoT, OT, and IoMT environments, with 11 new riskiest asset types entering the list this year. That is the second-largest year-over-year increase on record, and two of the new entries moved straight into the top five riskiest IT assets: serial-to-IP-converters and workstations.

Device risk spans IT, IoT, OT, and IoMT environments

The highest-risk IT category remains the router. Forescout also highlights an average of 32 vulnerabilities per router/switch. The 2026 IT top five are router, serial-to-IP converter, workstation, firewall, and domain controller. This ranking keeps core network and administrative systems central to enterprise device risk, with access, traffic control, and identity systems grouped together.

The IoT list stays rooted in operational devices that sit close to daily business activity. The top five IoT categories are VoIP system, printer, time clock, network video recorder (NVR), and RFID reader.

In OT, the list is power distribution unit (PDU), physical address control system, uninterruptible power supply (UPS), I/O module, and BACnet router.

In IoMT, the top five are medication dispensing system, medical image printer, DICOM gateway, MRI scanner, and healthcare workstation. Imaging devices lead the IoMT category overall. The 2026 list includes 20 device types spanning the four domains.

Financial services and government lead device risk levels

Financial services records the highest average device risk in 2026, followed by government and healthcare. Average device risk in financial services is more than three times that of retail, and government risk is more than double manufacturing. These gaps place both sectors at the top of the industry range.

Embedded firmware and networking operating systems, grouped as “special operating systems,” appear in government at 72%, retail at 61%, and healthcare at 56%. These systems outnumber mobile operating systems in the dataset and include version tracking limitations, limited automatic patching, and a large share of outdated or unsupported firmware.

Legacy Windows systems remain widely deployed. Retail stands at 39%, healthcare at 35%, and financial services at 29%. These shares increased after the end of support for Windows 10. In all five industries included in the comparison, more than half of non-legacy Windows devices previously ran Windows 10, leaving a significant portion tied to a recent support transition.

Secure Shell (SSH) is now the second most common protocol, with increased exposure in every industry except retail. Telnet usage increased in financial services, healthcare, and manufacturing, with slight declines in government and retail. Financial services rose from 3% to 12%, manufacturing from 5% to 12%, and healthcare from 6% to 8%.

“The attack surface in modern organizations spans IT, IoT, and OT, with the Internet of Medical Things adding complexity in healthcare. Focusing security efforts on a single domain is no longer sufficient: attackers exploit weaknesses across multiple environments and pivot between them,” researchers warn.