ThreatGEN: Red vs. Blue

DFIU [Don't Frick It Up]! Basic guide to not losing in ThreatGEN: Red vs. Blue
By topkek
This guide presents a timeline of various loss conditions you can trigger over the course of a game of ThreatGEN: Red vs. Blue and discusses ways to overcome them.
Introduction (and pre-requirements)
Hey, are you tired of sucking at ThreatGEN: Red vs. Blue? Want a little change? This guide's for you.
I assume you already know how to use the menus, the ingame interface and basic rules and win conditions. If not, go and take a look around. I'm not going to be your nanny.

This guide is split into four parts, one per phase of the game:
  • random (can occur during any of the other phases, and there's really no telling why)
  • early-game (1-25 turns in)
  • mid-game (25-50 turns in)
  • late-game (50-75 turns in)
Each part covers every dumb, half-witted loss condition you might run into, how to prevent it from occurring, and my personal opinion on whether doing so is worth it.
Random loss conditions
Blue Team
Loss by deep USB drop/phishing compromise
You have lost because the RT has managed to get lucky and get a USB drop or phishing compromise deep into your network, so that they could rush the damage ICS action and win.
This one just... happens. TG: R vs. B is a realistic cybersecurity simulation and reality is unfair and you have to deal with it. Anyone could just have a bad day, be less cautious and click a bad link.
You can mitigate this risk a little by implementing security awareness and skills training or by deploying USB security on all available devices.
Is it worth it? In my opinion, you can definitely implement security awareness and deploy USB security on the most important of devices that grant a direct proxy to PLCs or the whole segmentation layers that contain them. However, it is best to leave the security skills training and higher layers for last (simply because there's more important stuff to tackle early).

Loss by requesting budget too often/disappointing management
You have lost because you requested your budget too often, or management denied you budget at a critical moment, and the RT managed to damage your ICS because you didn't have the budget to prevent it.
This one also just happens. There's no telling when those scrooges and misers will decide to give you the dollars, so just make sure not to request additional budget too often; I recommend requesting budget every 10 turns. In addition, set aside funds specifically for these types of incidents: around 10k$ if you don't have IR procedures or backups (realistically, replacing a device is your only course of action there), or about 5k$ if you do (you can clean your devices efficiently by that point). In my opinion, a bird in the hand is better than two in the bush.

Loss by damaging your own ICS
You have lost because you have damaged your own ICS by accident. You screwed it up and the whole thing went up in flames! Make sure that you have ICS-safe testing methods implemented by the time you run a vulnerability assessment or a penetration test. You should also ensure that you have an active vendor certification if you're patching the PLC. If all else fails (because of your lack of attention), make sure to keep rebooting currently denied PLCs. The above things are usually worth implementing because they help you in the long run.
Early-game loss conditions (1-25 turns)
Blue Team
Loss by very early USB drop/phishing compromise
Refer to the "Loss by deep USB drop/phishing compromise" point. This can happen as soon as turn 6 for the USB drop and turn 7 for the phishing compromise (if the RT gets lucky). Cut your losses and move on.
Loss by very early "Search for HMIs" compromise
Much like the above point, if the RT gets lucky, they can get a very early compromise by just waltzing onto your property, searching for HMIs and compromising some. I recommend getting security awareness training. You can counter this further by installing locks, physical 2FA or security skills training; however, in my opinion these aren't worth it that early on.
Loss by WiFi compromise and instant terminal server pivot
The RT can pull a little trick once they get onto your perimeter: by compromising the WiFi router they can reach the layer with the terminal server directly. If they compromise the terminal server, your network is toast, because it compromises the engineering workstation by proxy, which in turn compromises the PLCs.
You can use the Implement Strong WiFi action to protect your network; however, I usually leave it for later in my games against the AI.
Mid-game loss conditions (25-50 turns)
Red Team
Loss by triggering Threat Intelligence win condition
Once the police are on your tail, it's game over for you, man! You can't try compromising every single host under the sun, because if the BT gathers enough evidence you lose. Have some form of a plan before compromising devices and stick to it; if you've played a few games you should already know what the network layout usually looks like. Use that as a base to attack only the required devices, follow the kill chain and damage the ICS efficiently.
Late-game loss conditions (50-75 turns)
Red Team
Loss by fully patched devices within the kill chain
You dawdled for so long that some of the devices that you need to compromise are already out of your reach. You can always try running attack campaigns, spear phishing attacks or dropping USBs, but they're unlikely to work because it's likely that BT has deployed USB security everywhere or implemented security skills training already. Try formulating a short and concise plan or getting a better initial entry point by phishing or dropping USBs next time.

Blue Team
Loss due to compromised company production
Your boss is standing over your head, waiting to fire you for the mess you've made of their facility. Nothing works as intended anymore and it's all your fault. Make sure that your devices aren't compromised: ICSes aren't guaranteed to show any attacks, but that's nothing endpoint security or threat hunting by hand can't solve. If you're playing against another player instead of the AI, make sure to keep backups, since a mass ransomware attack could catch you off guard.

Loss due to poor luck
This game is mostly governed by random chance, and the more times the RT tries an action and fails, the more likely they are to succeed the next time they attempt it. This also applies to USB dropping and phishing, the two attack vectors you aren't able to fully mitigate. Build a priority list in your head, focus on the most critical attack vectors first, and possibly skip some of the less important ones until you have more staff.
Final thoughts
This guide is mostly meant to be an overview of the less obvious loss conditions; the usual ones aren't included here because you should have a decent grip on them if you've played the game.

Feel free to leave suggestions if you've noticed any new unusual loss conditions!
I'll try to keep this guide updated as the game progresses, but as of now, this guide is for version 1.7.2.