Two-thirds of manufacturing and production organizations reported ransomware attacks, less than halfway into 2024. This is a notable increase from the previous two years (56% in 2023 and 55% in 2022) and represents a 41% increase since 2020, according to a new study.
The study came from British security software and hardware company Sophos Ltd. On average, 44% of computers in manufacturing and production are impacted by a ransomware attack, the report found. In total, it looked at 585 companies in 14 countries in the Americas; Europe, Middle East and Africa (EMEA); and Asia Pacific.
How often ransomware attacks hit manufacturing
“99% of manufacturing organizations hit by ransomware were able to identify the root cause of the attack, with malicious emails coming out as the most commonly exploited cause of ransomware attacks in 2024 (29%), followed by exploited vulnerabilities at 27%,” the authors of the Sophos report wrote.
93% of manufacturing organizations hit by ransomware in the past year said the cybercriminals attempted to compromise their backups during the attack, Sophos said.
Of them, just over half (53%) of backup compromise attempts were successful. Both the attempted compromise rate and the compromise success rate in manufacturing and production are lower than the cross-sector average of 94% and 57%, respectively.
Additional ransomware stats
Other findings include:
- Manufacturing organizations that had their backups compromised reported worse outcomes than those whose backups were not breached.
- Ransom demands totaled, on average, double demands for those whose backups were not impacted ($2 million vs. $1 million median initial ransom demand).
- Organizations whose backups were compromised were more likely to pay the ransom to recover encrypted data (70% vs. 49%).
- Median overall recovery costs came in double that of those that did not have backups compromised ($750,000 vs. $375,000).
- Three out of four ransomware attacks on manufacturing organizations (74%) resulted in data encryption. That was the highest encryption rate for the sector in the last five years. This rate is also higher than the 2024 cross-sector average of 70%.
- All manufacturing organizations (99%) that had data encrypted got their data back.
- 60% of ransom demands in manufacturing organizations are for $1 million or more. 15% of demands were for $5 million or more.
The cost of recovery from a cyber-attack is neither cheap nor easy to recover from, according to the Sophos report.
In addition, manufacturing organizations in the findings reported a mean cost of $1.67 million to recover from a ransomware attack compared with $1.08 million in 2023.
Submit a nomination
Nominate a game-changer for the Global B2B eCommerce Industry Awards from Digital Commerce 360 and the B2B Ecommerce Association.
Sign up
Sign up for a complimentary subscription to Digital Commerce 360 B2B News, published 4x/week. It covers technology and business trends in the growing B2B ecommerce industry. Contact Mark Brohan, senior vice president of B2B and Market Research, at [email protected]. Follow him on Twitter @markbrohan. Follow us on LinkedIn, Twitter, Facebook and YouTube.