The subject of attack detection for industrial cyber-physical systems (IPCSs) is covered in this paper, which addresses threats from transient covert attacks (TCAs), also referred to as the second version of replay attacks with a specific frequency and short duration. A comprehensive model of the TCAs is built using the active instant and period of the attacks, as well as the dynamics of a virtual system to replicate IPCS function and produce attack signals. Though watermarking-based detection algorithms have been shown to be effective in detecting TCAs, the induced system performance loss is too significant, and as such, our primary goal is to minimize system performance degradation while maintaining the detection rate. Because the active periods of TCAs are substantially shorter than their sleep ones, or even because they are practically always silent, it makes sense that reducing superfluous watermarking will facilitate system performance. So, using an “event-triggered” strategy, a unique recursive watermarking-based detection algorithm is proposed. Here, the trigger modes of watermarking are divided into three types: forced, high probability, and low probability. The design principles are proven via algorithms and criteria, and a theoretical analysis of the detection rate and the system performance loss is also supplied. The advantages of the suggested algorithms are finally demonstrated by numerical simulations of a quadruple-water-tank system and experiments with a permanent magnet synchronous motor on the dSpace platform.