IndustrialCyber

Resilience report finds manufacturing leads global cyberattack targets, with ransomware dominating losses


Resilience published on Tuesday new data showing that manufacturing remains the most targeted industry for cyberattacks, driven by its critical role in global supply chains and low tolerance for operational downtime. Drawing on nearly five years of cyber insurance claims, the report highlights how the sector’s rapid adoption of connected technologies and historically underfunded security programs have expanded its attack surface, making it an attractive target for hackers seeking high-impact disruptions and payouts. 

Titled ‘The State of Cybersecurity in Manufacturing,’ the Resilience analysis finds that ransomware dominates financial impact, accounting for more than 90% of total losses despite representing only 12% of claims. Losses are highly concentrated, with a small number of severe incidents driving overall financial exposure, while more frequent events such as phishing and transfer fraud account for roughly 30% of claims but generate lower individual payouts. 

Crucially, the report points to preventable control failures as the primary drivers of the most expensive incidents. Misconfigured multi-factor authentication (MFA) alone accounts for about 26% of total losses, including the single largest event in the dataset, underscoring that existing controls often fail due to poor implementation rather than absence. The findings emphasize that targeted, evidence-based security measures, including proper MFA configuration, stronger vulnerability management, and tighter controls on financial transactions and third-party risk, can significantly reduce financial exposure.

“Recent high-profile attacks on manufacturers show the vulnerability of the sector to high-dollar ransomware attacks, but those headlines are only half of the story,” Vishaal Hariprasad, co-founder and CEO of Resilience, said in a media statement. “Our research is focused on equipping security leaders with the knowledge required to better defend their organizations from devastating business interruption and financial loss.”

“Manufacturers don’t need to reinvent the wheel in the face of a growing threat,” said Jud Dressler, head of the Risk Operations Center (ROC) at Resilience. “Our claims data, coupled with threat intelligence from the ROC, found that by auditing and validating MFA deployment, implementing procedural controls for financial transfers, investing in ransomware containment and response, and instituting other easy-to-implement practices can materially combat risk.”

The Resilience report highlights a growing threat to manufacturers, as connected IoT devices in facilities are projected to more than double between 2025 and 2030, significantly expanding the attack surface. “Each additional sensor, actuator, and monitoring device on a factory floor represents a potential entry point. AI-amplified attacks are becoming more sophisticated in phishing campaigns and deepfake-based social engineering. Post-quantum cryptography is a future-facing threat, and of internet-accessible SSH servers globally, fewer than one in fifteen have adopted quantum-resistant encryption.”

Based on Resilience’s analysis of manufacturing insurance claims data and financial risk modeling, six controls consistently deliver the most significant impact on reducing financial exposure. Auditing and validating multi-factor authentication deployment helps ensure consistent enforcement across all accounts, removes bypass conditions, and confirms that conditional access policies are properly configured. Strengthening vulnerability management for external-facing systems reduces exposure to software flaws that are directly linked to costly ransomware incidents.

Implementing procedural controls for financial transfers helps protect against phishing and transfer fraud, which represent the most frequent claim activity. This is also a strategic cost-saving measure, as the average transfer fraud event costs roughly ten times more than the average email compromise. Extending security requirements to vendors and supply chain partners helps address a distinct source of loss in the claims data, with manufacturers encouraged to enforce measures such as contractual MFA and patching requirements, continuous monitoring of vendor risk posture, and contingency planning for disruptions to critical suppliers.

Cyber risk quantification and transfer play a key role in translating cybersecurity exposure into financial terms that resonate with CFOs and boards and support more informed investment decisions. The claims data underscores that ransomware dominates financial losses, that a single point of failure in MFA misconfiguration drives a significant share of exposure, and that unpatched software is directly tied to the most expensive outcomes, reinforcing the need for targeted control investments and appropriate insurance coverage.

Resilience identifies a small set of high-impact priorities for manufacturing security leaders, based on a combination of threat intelligence and claims data. The critical issue is not simply deploying MFA, but continuously auditing and validating it to ensure full enforcement, eliminate bypass conditions, and properly configure access policies. Misconfigured MFA emerges as the single most expensive point of failure, accounting for about 26% of total losses and playing a role in the largest ransomware incident in the dataset.

The report also highlights the need to strengthen vulnerability management for external-facing systems, as software exploits are directly tied to the most costly ransomware events. Where patching is difficult due to OT (operational technology) constraints, organizations are urged to adopt compensating controls such as network isolation, virtual patching, and enhanced monitoring. These vulnerabilities account for roughly 13% of total losses and are concentrated in high-severity ransomware attacks.

Resilience highlights that transfer fraud and email compromise are the most frequent sources of claims in manufacturing, accounting for about 30% of incidents, with phishing as the primary entry point. To reduce this risk, organizations are urged to implement stronger procedural controls, including out-of-band verification for payment changes, dual authorization for large transactions, and targeted training for finance teams.

The report also stresses that ransomware remains the dominant driver of financial loss, making early detection and containment the most critical capability. Recommended measures include stronger segmentation between IT and OT environments, endpoint detection tailored to ransomware, and well-tested backup and recovery processes. At the same time, vendor-related weaknesses are identified as a distinct source of losses, prompting the need for stricter security requirements across supply chains, along with continuous monitoring and contingency planning.

Finally, the analysis underscores the importance of translating cyber risk into financial terms through risk quantification and insurance strategies. By linking losses to specific failures such as MFA misconfiguration and unpatched software, the data provides a clear basis for prioritizing security investments and making more informed decisions on risk transfer and coverage.


