New report highlights ransomware in manufacturing sector

ransomware in manufacturing

Share this content


A new report from Sophos has revealed that 68% of companies in the manufacturing sector who suffered a ransomware attack had their data encrypted.

The findings, published in ‘The State of Ransomware in Manufacturing and Production 2023’, suggest that this is the highest reported encryption rate for the sector over the past three years.

The percentage of manufacturing organisations that used backups to recover data has increased, with 73% of organisations surveyed using backups this year versus 58% in the previous year.

In spite of this increase, Sophos found that the sector still has one of the lowest data recovery rates.

“Paying a ransom doubles the costs of recovery”

“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery,” commented John Shier, Field CTO, Sophos.

“While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery.

“With 77% of manufacturing organisations reporting lost revenue after a ransomware attack, this added cost burden should be avoided and priority placed on earlier detection and response.”

Expert advice: Ransomware in manufacturing

Sophos experts recommend the following best practices for organisations in manufacturing and other sectors. Strengthen defensive shields with:

  • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities and zero trust network access (ZTNA) to thwart the abuse of compromised credentials
  • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist managed detection and response (MDR) provider

Other advice:

  • Optimise attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
  • Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations


Sophos is a leader and innovator of advanced cybersecurity solutions, including managed detection and response (MDR) and incident response services and a broad portfolio of endpoint, network, email and cloud security technologies that help organisations defeat cyber-attacks.

Sophos defends more than 500,000 organisations and more than 100 million users globally from active adversaries, ransomware, phishing, malware and more.

Receive the latest breaking news straight to your inbox