The "State of Ransomware in Manufacturing and Production 2025" report by Sophos sheds light on the current landscape of cybersecurity threats facing the manufacturing sector. This comprehensive study reveals a mixed picture; while manufacturers are making strides in defending against ransomware, attackers are adapting their strategies to maintain pressure on organisations.
Notably, the report indicates that 40% of ransomware attacks in the sector resulted in encryption, a sharp decline from 74% just a year prior. Despite this progress, companies are increasingly facing extortion tactics that rely solely on data theft, with such incidents rising from 3% to 10% in the same period.
“Attackers exploit this pressure: despite encryption rates falling to 40%, the median ransom paid still reached $1 million,” noted Alexandra Rose, director of threat research at Sophos Counter Threat Unit.
This highlights the dual challenges manufacturers now face—preventing data encryption while also securing sensitive information from being stolen.
The report, based on a survey of 332 manufacturing organisations affected by ransomware over the past year, indicates that 50% were able to intercept attacks prior to data encryption, a substantial improvement from 24% in the previous year.
However, the economic impact remains significant, with the average recovery cost from an attack, excluding ransom payments, estimated at $1.3 million.
Sophos also highlights that internal weaknesses contribute to vulnerabilities. A significant proportion of respondents cited a lack of expertise (42.5%) and unknown security gaps (41.6%) as key factors leading to successful attacks.
Source: State of Ransomware in Manufacturing and Production 2025, Sophos
Additionally, 47% of manufacturers reported increased stress among their IT teams following data encryption incidents, underscoring the human toll of these attacks.
This evolving threat landscape necessitates a proactive approach to cybersecurity. Sophos recommends adopting layered defenses, ensuring continuous visibility, and establishing robust incident response plans to better prepare organisations for future attacks.
Monitoring threats around the clock is essential, particularly as nearly half of manufacturers still paid ransoms to regain access to their data.
With ransomware tactics continually changing, the importance of sophisticated and adaptive cybersecurity measures becomes increasingly apparent for manufacturing firms.
