Essential Insights
- Manufacturing remains the top target for ransomware, accounting for 22% of global attacks between April 2024 and March 2025, with the U.S. experiencing over half of these incidents, driven by complex supply chains and digital transformation.
- Attackers specifically target manufacturing due to its critical operational role, with both large and small companies highly vulnerable, especially those with revenues over $100 million; small firms, however, also face significant threats.
- Despite high cybersecurity ratings, 75% of manufacturing firms harbor critical vulnerabilities (CVSS ≥8), and 65% have exploitable flaws from the CISA KEV catalog, highlighting widespread security weaknesses often linked to patch management and application security.
- The industry’s greatest risk stems from interconnected supply chains, demanding enhanced visibility and proactive threat detection—not just reactive defenses—to prevent disruptions and safeguard operational continuity.
Problem Explained
The Black Kite 2025 Manufacturing Report reveals a troubling trend: manufacturing remains the prime target for ransomware attacks, accounting for nearly a quarter (22%) of all publicly disclosed incidents between April 2024 and March 2025, with the United States bearing the brunt of over half (52%) of these assaults. These attacks are not random but are strategically directed at companies integrated into complex, global supply chains—especially large enterprises earning over $100 million—because cybercriminals understand that disrupting manufacturing operations can trigger widespread repercussions across industries worldwide. The surge in digital transformation post-COVID-19 has inadvertently expanded attack surfaces, making the industry especially vulnerable despite many companies appearing to have solid cybersecurity defenses on paper. Black Kite emphasizes that behind high cyber ratings, many firms harbor critical vulnerabilities, especially in patch management and application security, which are actively exploited by threat actors. The report warns that cybercriminals are not merely targeting their victims but are methodically exploiting weaknesses in supply networks, risking severe operational disruptions unless manufacturers adopt proactive, holistic security measures that encompass their entire supply chain ecosystem.
The report, narrated by Anna Ribeiro of Industrial Cyber News and based on Black Kite’s research, underscores that ransomware groups are increasingly focused on manufacturing because of its vital role in the global economy, especially given the industry’s interconnected, technologically advanced, and often outdated infrastructure. Though many firms have high security ratings, over 75% harbor critical vulnerabilities with a CVSS score of 8 or higher, and many are actively exploited or at risk of being exploited—highlighting that superficial defenses can conceal deep-seated weaknesses. As new, less coordinated ransomware groups emerge in the wake of the fall of major syndicates like LockBit, the threat landscape in manufacturing remains volatile and dangerous. The report concludes that organizations must move beyond reactive measures and gain comprehensive visibility into their supply chains and third-party risks to stop attackers before they can exploit vulnerabilities and cause catastrophic disruptions.
Risk Summary
The Black Kite 2025 Manufacturing Report highlights that manufacturers remain the top target for ransomware attacks, accounting for nearly a quarter of global incidents—52% of which target U.S. companies—driven by expansive, often unsecured supply chains that amplify attack surfaces amid rapid digital transformation post-COVID. These cybercriminals deliberately prioritize this industry due to its critical role in global operations; disruptions trigger significant cascading effects across supply networks. Notably, while surface-level cybersecurity ratings often appear strong, deeper vulnerabilities—such as unpatched critical flaws, application weaknesses, and compromised third-party suppliers—pervade the sector, with 75% of manufacturers harboring severe vulnerabilities. Attackers primarily focus on entities central to supply chains, from large firms earning over a billion dollars to smaller suppliers, revealing an industry-wide susceptibility rooted in complex operational tech, legacy systems, and interconnected ecosystems. This persistent threat landscape underscores the need for proactive, visibility-driven cybersecurity strategies that go beyond traditional defenses to address vulnerabilities exploited in real-time, making manufacturing a high-value, high-risk target that demands urgent, comprehensive risk management.
Fix & Mitigation
In the ever-evolving landscape of cybersecurity threats, prompt remediation is vital to minimizing damage, safeguarding supply chain integrity, and maintaining operational resilience.
Enhanced Monitoring
Implement continuous, real-time surveillance of network activity to quickly identify unusual or malicious behavior.
Patch Management
Regularly update and patch software and systems to close security gaps exploited by ransomware.
Supply Chain Security
Conduct thorough assessments of supply chain partners, enforce strict security standards, and establish clear protocols for third-party risk management.
Incident Response Plan
Develop and rehearse a comprehensive response strategy to ensure swift action in case of ransomware detection.
Employee Training
Educate staff on phishing recognition, safe practices, and reporting procedures to reduce human error vulnerabilities.
Backup Strategies
Maintain encrypted, offline backups of critical data to enable rapid recovery without capitulating to ransom demands.
Access Control
Implement multi-factor authentication and strict access controls to limit ransomware’s ability to propagate within networks.
Advance Your Cyber Knowledge
Discover cutting-edge developments in Emerging Tech and industry Insights.
Explore engineering-led approaches to digital security at IEEE Cybersecurity.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1
