Manufacturing Sector Faces Unprecedented Cyber Threats as Ransomware Dominates Financial Losses
A new report from Resilience, The State of Cybersecurity in Manufacturing, reveals that the manufacturing industry remains the most targeted sector for cyberattacks, with ransomware accounting for 90% of total financial losses despite representing only 12% of claim volume. The findings, based on proprietary claims data, highlight severe vulnerabilities in the sector, driven by low downtime tolerance, underfunded security programs, and rapid adoption of connected technologies.
Key Threats and Financial Impact
- Ransomware remains the most financially damaging threat, with a single attack linked to the BlackCat ransomware group enabled by misconfigured multi-factor authentication (MFA), responsible for 26% of all portfolio losses.
- Phishing and transfer fraud make up 30% of claims, underscoring human error as a leading cause of cyber disruption.
- Wrongful data collection, primarily from website tracking and pixel-related litigation, drives 12% of claims, though operational data breaches remain a growing concern.
Critical Security Gaps and Solutions
Resilience’s data identifies five high-impact security controls to mitigate risk:
- Auditing and validating MFA deployment to eliminate bypass conditions and enforce consistent policies.
- Strengthening vulnerability management for external-facing systems to prevent ransomware exploits.
- Implementing procedural controls for financial transfers (e.g., dual authorization) to combat phishing and fraud.
- Extending security requirements to vendors, including contractual MFA and patching mandates.
- Cyber risk quantification to align security investments with financial exposure.
Emerging Risks on the Horizon
- IoT device proliferation in manufacturing facilities is expected to double by 2030, expanding attack surfaces.
- AI-driven phishing and deepfake social engineering are becoming more sophisticated.
- Post-quantum cryptography poses a future threat, with fewer than 7% of global SSH servers currently using quantum-resistant encryption.
Industry-Wide Challenges
Despite being the most targeted sector for five consecutive years, many manufacturers still prioritize operational continuity over security upgrades. The report challenges this mindset, demonstrating that simple, implementable controls rather than complex overhauls can significantly reduce financial risk.
The findings serve as a critical benchmark for security leaders, risk managers, and insurers, offering data-driven insights to harden defenses against evolving cyber threats.
Resilience cybersecurity rating report: https://www.rankiteo.com/company/resilience-cyber
Black Cat Security cybersecurity rating report: https://www.rankiteo.com/company/blackcat-security
"id": "RESBLA1777388767",
"linkid": "resilience-cyber, blackcat-security",
"type": "Ransomware",
"date": "1/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'manufacturing',
'type': 'manufacturing companies'}],
'attack_vector': ['misconfigured MFA', 'phishing', 'website tracking/pixels'],
'data_breach': {'personally_identifiable_information': 'website '
'tracking/pixel-related '
'data',
'type_of_data_compromised': ['operational data',
'personally identifiable '
'information (via website '
'tracking/pixels)']},
'description': 'A new report from Resilience, *The State of Cybersecurity in '
'Manufacturing*, reveals that the manufacturing industry '
'remains the most targeted sector for cyberattacks, with '
'ransomware accounting for 90% of total financial losses '
'despite representing only 12% of claim volume. The findings '
'highlight severe vulnerabilities in the sector, driven by low '
'downtime tolerance, underfunded security programs, and rapid '
'adoption of connected technologies.',
'impact': {'financial_loss': '90% of total financial losses attributed to '
'ransomware',
'legal_liabilities': 'pixel-related litigation',
'operational_impact': 'severe disruptions due to low downtime '
'tolerance'},
'lessons_learned': 'The manufacturing sector remains highly vulnerable due to '
'low downtime tolerance, underfunded security programs, '
'and rapid adoption of connected technologies. Simple, '
'implementable controls can significantly reduce financial '
'risk.',
'motivation': ['financial gain', 'data exfiltration'],
'post_incident_analysis': {'corrective_actions': ['auditing and validating '
'MFA deployment',
'strengthening '
'vulnerability management',
'implementing procedural '
'controls for financial '
'transfers',
'extending security '
'requirements to vendors',
'cyber risk quantification'],
'root_causes': ['misconfigured MFA',
'human error',
'underfunded security programs',
'rapid IoT adoption']},
'ransomware': {'ransomware_strain': 'BlackCat'},
'recommendations': ['Audit and validate MFA deployment to eliminate bypass '
'conditions.',
'Strengthen vulnerability management for external-facing '
'systems.',
'Implement procedural controls for financial transfers '
'(e.g., dual authorization).',
'Extend security requirements to vendors, including '
'contractual MFA and patching mandates.',
'Adopt cyber risk quantification to align security '
'investments with financial exposure.',
'Prepare for emerging risks like IoT proliferation, '
'AI-driven phishing, and post-quantum cryptography '
'threats.'],
'references': [{'source': 'Resilience, *The State of Cybersecurity in '
'Manufacturing*'}],
'regulatory_compliance': {'legal_actions': 'pixel-related litigation'},
'response': {'remediation_measures': ['auditing and validating MFA deployment',
'strengthening vulnerability management '
'for external-facing systems',
'implementing procedural controls for '
'financial transfers (e.g., dual '
'authorization)',
'extending security requirements to '
'vendors (contractual MFA and patching '
'mandates)',
'cyber risk quantification']},
'threat_actor': 'BlackCat ransomware group',
'title': 'Manufacturing Sector Faces Unprecedented Cyber Threats as '
'Ransomware Dominates Financial Losses',
'type': ['ransomware',
'phishing',
'transfer fraud',
'wrongful data collection'],
'vulnerability_exploited': ['misconfigured multi-factor authentication (MFA)',
'human error',
'external-facing systems vulnerabilities']}