Industrial Sector Hit Hardest by Ransomware Attacks, NCC Group Reports
Industrial organizations faced 2,073 ransomware attacks in the 12 months leading up to March 2026, making the sector the most targeted industry during that period, according to data from NCC Group. On average, industrial firms accounted for 29.6% of all monthly ransomware activity, a surge attributed to vulnerabilities in operational technology (OT) environments systems that control physical industrial processes.
The attacks disproportionately impacted capital goods businesses, with 1,192 incidents recorded in sectors involving machinery, equipment, and infrastructure. Machinery firms alone suffered 442 attacks, while construction and engineering companies faced 394. The trend suggests attackers are prioritizing industries where disruptions can halt production and destabilize supply chains.
The rise in OT-focused attacks coincides with increased regulatory scrutiny under frameworks like the Network and Information Systems (NIS) Regulations, which mandate cybersecurity measures for essential services. Updated guidance under the Cybersecurity Act has further elevated expectations for OT governance, incident reporting, and supply-chain security, shifting OT security from a technical concern to a board-level compliance issue.
A key challenge lies in the convergence of IT and OT systems, as industrial firms increasingly integrate production networks with corporate IT infrastructure. This connectivity expands the attack surface, allowing cyber incidents to spread rapidly from office systems into plant operations and critical infrastructure.
Ray Robinson, OT Director at NCC Group, warned that many organizations still prioritize IT security over OT protection, despite the severe consequences of OT disruptions including production shutdowns, service outages, and safety risks. The impact extends beyond financial losses, particularly when attacks target essential services or public infrastructure.
Legacy OT systems, often designed for reliability rather than cybersecurity, further complicate defenses. Many operators must balance production continuity with the need to modernize security controls, reporting, and supply-chain oversight all while addressing regulatory demands that now explicitly include OT environments.
Katarina Sommer, Global Head of Government Affairs at NCC Group, noted that regulators are strengthening requirements, making OT security a critical governance priority for industrial businesses.
Source: https://securitybrief.co.uk/story/industrial-firms-hit-hardest-by-ransomware-attacks
NCC Group cybersecurity rating report: https://www.rankiteo.com/company/ncc-group
"id": "NCC1778776543",
"linkid": "ncc-group",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': ['Capital goods',
'Machinery',
'Construction',
'Engineering'],
'type': 'Industrial organizations'}],
'attack_vector': 'Operational Technology (OT) vulnerabilities, IT-OT '
'convergence',
'description': 'Industrial organizations faced 2,073 ransomware attacks in '
'the 12 months leading up to March 2026, making the sector the '
'most targeted industry. The attacks disproportionately '
'impacted capital goods businesses, with vulnerabilities in '
'operational technology (OT) environments being a key factor. '
'The rise in OT-focused attacks coincides with increased '
'regulatory scrutiny under frameworks like the Network and '
'Information Systems (NIS) Regulations and the Cybersecurity '
'Act.',
'impact': {'downtime': 'Production shutdowns, service outages',
'operational_impact': 'Halt in production, supply chain '
'destabilization, safety risks',
'systems_affected': ['Operational Technology (OT) environments',
'IT systems',
'Production networks']},
'lessons_learned': 'OT security must be prioritized alongside IT security, '
'especially in industrial sectors. Legacy OT systems pose '
'significant risks and require modernization to meet '
'regulatory demands. IT-OT convergence expands the attack '
'surface and necessitates enhanced governance and '
'supply-chain security.',
'motivation': 'Financial gain, supply chain disruption, production halts',
'post_incident_analysis': {'corrective_actions': ['Modernize OT security '
'controls',
'Enhance IT-OT segmentation',
'Improve regulatory '
'compliance for OT '
'environments',
'Strengthen supply-chain '
'security'],
'root_causes': ['Vulnerabilities in OT '
'environments',
'Lack of OT security '
'prioritization',
'IT-OT convergence expanding '
'attack surface',
'Legacy OT systems designed for '
'reliability, not cybersecurity']},
'recommendations': ['Prioritize OT security at the board level',
'Modernize legacy OT systems to include cybersecurity '
'controls',
'Enhance IT-OT segmentation and monitoring',
'Comply with regulatory frameworks like NIS Regulations '
'and Cybersecurity Act',
'Improve supply-chain security oversight'],
'references': [{'source': 'NCC Group'}],
'regulatory_compliance': {'regulations_violated': ['Network and Information '
'Systems (NIS) Regulations',
'Cybersecurity Act']},
'title': 'Industrial Sector Hit Hardest by Ransomware Attacks',
'type': 'Ransomware',
'vulnerability_exploited': 'Legacy OT systems, lack of OT security '
'prioritization, IT-OT convergence'}