Dive Brief:
- The manufacturing sector is woefully unprepared to defend against cyberattacks, even as it was the most targeted community in 2025, accounting for one in four attacks, cybersecurity insurance firm Resilience said in a report published on Tuesday.
- Several factors make it difficult for manufacturers to upgrade their cybersecurity defenses, including the cost of downtime, according to the report.
- Even so, the threat picture is dire: Ransomware attacks on manufacturers increased significantly more in 2025 than the average growth rate across all sectors.
Dive Insight:
Manufacturing firms face “a fundamental tension” that impedes their cybersecurity progress, according to Resilience: “The perceived risk of taking production offline to implement security controls often feels greater than the risk of operating without them.” At the same time, automation and remote access have become much more common in the industry, particularly in the wake of the COVID-19 pandemic, when remote system management became the norm for public-health reasons.
As the attack surface has grown, attackers have matured. Ransomware groups increasingly operate through an affiliate model that lowers the barrier of entry for destructive but low-skilled attackers, Resilience said. In addition, cybercriminals eagerly capitalize on manufacturers’ “low tolerance for downtime” and tight security budgets. Government-backed hacking groups also frequently target manufacturers to undermine national security preparedness and steal intellectual property.
Ransomware attacks increased by roughly 46% overall between January and September 2025 compared to the same period in 2024, but they increased by 61% in the manufacturing sector, Resilience said, citing data from the threat intelligence firm KELA.
While state-sponsored espionage poses national-defense concerns, ransomware is by far the most serious threat to manufacturers’ bottom lines. Ransomware accounted for 90% of losses in the sector between March 2021 and February 2026, according to Resilience — despite representing only 12% of insurance claims by the firm’s policyholders.
Manufacturers’ security weaknesses aren’t uniquely complex. The single costliest weakness, according to the report, is multifactor authentication (MFA) misconfiguration. Poorly configured MFA caused roughly one-quarter of all losses, and nearly 10% of losses stemmed from a complete lack of MFA. “These are fixable problems with outsized financial consequences,” Resilience said.
By contrast, the exploitation of software vulnerabilities accounted for only roughly 13% of losses over the same five-year period, concentrated in several high-profile ransomware attacks by groups such as Black Basta.
Resilience encouraged manufacturers to carefully verify their MFA deployments, improve their vulnerability tracking and mitigation processes, tighten restrictions on financial transfers and enforce security requirements on their vendors.
