Sophos’ latest annual study explores the real-world ransomware experiences of 332 manufacturing and production organizations hit by ransomware in the past year. The report examines how the causes and consequences of these attacks have evolved over time.
This year’s edition also sheds new light on previously unexplored areas, including the organizational factors that left firms exposed and the human toll ransomware takes on IT and cybersecurity teams within the sector.
Download the report to explore the full findings.
Exploited vulnerabilities and expertise shortfalls fuel ransomware incidents
Exploited vulnerabilities are the leading root cause of ransomware attacks on manufacturing and production organizations, responsible for 32% of incidents. Malicious emails ranked second, with their share declining from 29% in 2024 to 23% in 2025.
Multiple organizational factors contribute to manufacturing and production organizations falling victim to ransomware, with the most common being a lack of expertise (i.e., insufficient skills or knowledge available to detect and stop the attack in time) named by 42.5% of victims. It is followed in very close succession by unknown security gaps (i.e., weaknesses in defenses that respondents were unaware of), which contributed to 41.6% of attacks.
Organizational root cause of attacks in manufacturing and production
Data encryption sharply declines but extortion rates soar
Data encryption in the sector has dropped to its lowest level in f
TPRM report: https://www.rankiteo.com/company/sophos
"id": "sop1764779684",
"linkid": "sophos",
"type": "Ransomware",
"date": "2025-12-03T00:00:00.000Z",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Manufacturing and Production',
'location': None,
'name': None,
'size': None,
'type': 'Manufacturing and Production '
'Organizations'}],
'attack_vector': ['Exploited vulnerabilities',
'Malicious emails'],
'data_breach': {'data_encryption': 'Yes (declining trend)',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'Sophos’ latest annual study explores the '
'real-world ransomware experiences of 332 '
'manufacturing and production organizations hit '
'by ransomware in the past year. The report '
'examines how the causes and consequences of '
'these attacks have evolved over time, including '
'organizational factors and the human toll on IT '
'and cybersecurity teams.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'lessons_learned': 'Exploited vulnerabilities and expertise '
'shortfalls are leading root causes of '
'ransomware attacks. Lack of expertise and '
'unknown security gaps contribute '
'significantly to successful attacks.',
'motivation': 'Extortion',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Exploited '
'vulnerabilities '
'(32%)',
'Malicious emails '
'(23%)',
'Lack of expertise '
'(42.5%)',
'Unknown security '
'gaps (41.6%)']},
'ransomware': {'data_encryption': 'Yes (declining trend)',
'data_exfiltration': 'Yes (increasing trend)',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Sophos Annual Ransomware Study',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Sophos Ransomware Study on Manufacturing and '
'Production Organizations',
'type': 'Ransomware',
'vulnerability_exploited': 'Unknown security gaps (weaknesses in '
'defenses)'}}