The manufacturing and production industry experienced the highest growth in ransomware attacks in 2023, with a 9% increase, making it one of only three sectors with an increasing attack rate, after healthcare and financial services. 65% of organizations reported being hit by ransomware, a 41% increase since 2020. 93% of organizations hit by ransomware said cybercriminals attempted to compromise their backups, with 53% of successful attempts. Additionally, 74% of ransomware attacks resulted in data encryption, the highest rate in the last five years.

In 2024, manufacturing organizations reported a mean cost of $1.67M to recover from a ransomware attack, an increase from the $1.08M reported in 2023. On average, 44% of computers in manufacturing and production are impacted by a ransomware attack. Having your complete environment encrypted is scarce, with only 4% of organizations reporting that 91% or more of their devices were impacted.

While 58% in manufacturing restored encrypted data using backups, 62% paid the ransom to get data back. The percentage of manufacturing organizations that paid the ransom has almost doubled from our 2023 study when the sector reported one of the lowest ransom payment rates (34%) across all industries.

A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time, almost half of manufacturing organizations (45%) had data encrypted and reported using more than one method, more than double the rate reported in 2023 (19%).

One hundred fifty-seven manufacturing respondents whose organizations paid the ransom shared the actual sum, revealing that the average (median) payment has increased by 167% over the last year, from $450,000 to $1.2M.

While the ransom payment has increased, only 27% of manufacturing victims said their payment matched the original request. 65% paid less than the original demand, while only 8% paid more.

“The increase in the number of victims and their inability to detect and respond quickly enough to prevent encryption is very concerning. Criminals are very aware of their success rates amongst different sectors, and I wouldn’t be surprised to see them targeting manufacturers alongside healthcare and schools. With over 60% of manufacturing victims choosing to pay a ransom and the median ransom paid of USD 1.2 million, they are attractive targets.

Organizations in this sector must focus on their time to detect and time to respond to metrics.  While the percentage of those who have a ransomware incident indicates our prevention and proactive defense capabilities, the number of those who have an incident but whose data is not encrypted is a sign of increased monitoring and effective threat hunting. It takes all three approaches to defend against hands-on keyboard attacks. “

Download the full report for more insights into ransom payments and many other areas.