Ransomware attacks on manufacturing and production organizations are on the rise, with 65% of companies surveyed reporting such incidents in the past year. This marks a significant increase from 2020 when the figure stood at 46%, according to cybersecurity firm Sophos.
The data is derived from survey responses of 585 manufacturers and production companies worldwide. These respondents were part of a larger cross-sectional survey encompassing 5,000 companies across various industries that employ between 100 and 5,000 employees.
Three out of four ransomware attacks on manufacturing organizations (74%) resulted in data encryption, representing the highest encryption rate for the sector in the last five years. The survey also found that 62% of manufacturing organizations paid the ransom to retrieve their data. This percentage has nearly doubled from Sophos’ 2023 study, where the sector reported one of the lowest ransom payment rates (34%) across all sectors.
In 2024, manufacturing organizations reported an average cost of $1.67 million to recover from a ransomware attack, up from $1.08 million in 2023.
Although ransom payments have increased, victims rarely pay the full amount demanded. Only 27% of manufacturing victims stated that their payment matched the original request; 65% paid less than the original demand, and only 8% paid more.
The report highlighted that among the 157 manufacturing respondents whose organizations paid the ransom, the actual sum paid revealed an average (median) payment increase by 167% over the last year—from $450,000 to $1.2 million.
