top of page

Ransomware in the manufacturing sector

In its annual State of Ransomware in Manufacturing and Production 2022 report, Sophos offers some fresh insights into the ransomware attack rates, costs and recovery, and ransom insurance payouts in manufacturing and production organizations over the last year.

The report is based on feedback from 419 IT professionals in the manufacturing and production sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

Some key notes:

  • a somewhat lower rate of ransomware attacks, with 55% of companies reporting being hit, compared to the cross-sector average of 66%.

  • 38% of the respondents said they were able to stop the attack before the data could be encrypted, well above the cross-sector average of 31%. This could be paradoxically down to less connected environments and technology stacks not exploited yet fully by ransomware-as-a-service operators. Attackers are usually leveraging the highly connected Active Directory networks, which offer plenty of opportunities for lateral movements and vulnerability exploitation.

  • However, the sector reported the highest average ransom payment of all sectors: $2,036,189 (of 38 respondents) vs $812,360 across sectors;

  • Cyber insurance seems lower: 75% of manufacturing organizations reported having cyber insurance coverage against ransomware, lower than the cross-sector average of 83%.

It's good news that globally cyber insurance is driving manufacturing and production organizations to improve cyber defenses: 97% have upgraded their cyber defenses to secure coverage. That could be a better driver to improve the state of cybersecurity than many regulations being forced on the manufacturing and many other industries.

However, the manufacturing sector is reporting the lowest rate of ransom payouts of all industries, with the insurer paying out in only 30% of incidents compared to the cross-sector average of 40%, which indicates there is lots of room for improving cyber defenses and processes.

More info here.


bottom of page