DNS provider Dyn reckons about 100,000 Mirai-infected gadgets knocked it out back in October 2016. A study by security ratings firm SecurityScorecard, out Tuesday, found that even a year after its initial release, Mirai botnet infections are still widespread.

Organisations think they are not a target due to the business they are in, or not having highly valued or sensitive data assets i.e. logistics, construction etc. 

If they don't rely heavily on IT and they aren't subject to regulatory compliance they tend to take cybersecurity less seriously. 

Many organisations are not aware their IT/OT/IoT infrastructure is a target for the infrastructure itself. If hackers can compromise any device on any network and use it as part of a botnet, they will. This is likely to get the compromised organisation's IP or even their entire domain registered as an attacker and can often be blocked. 

This can result in an innocent business being blacklisted and taken off the net, without them doing anything wrong. In many cases, they don't even know attacks are emanating from within their networks. Compromised devices are easy to spot.