Ransomware Assaults Intensify Impact on Manufacturing Industry in the Year 2023
The manufacturing sector has become a prime target for ransomware attacks, with the number and financial impact of these attacks increasing significantly in 2023.
According to a recent report by Sophos, ransomware attacks on manufacturing and production organizations reached a five-year high in 2023. The report is based on a Vanson Bourne survey of IT and cybersecurity leaders at manufacturing organizations with up to 5,000 employees in various global regions.
The data shows that two-thirds of manufacturing and production organizations experienced a ransomware attack last year, and more than 3 in 5 victim organizations reported paying a ransom. The average ransom payment in the manufacturing sector increased 88% to almost $2.4 million in 2023.
Among the companies that reported initial ransom demands, 3 in 5 received asks for at least $1 million. Notably, the report does not mention any specific company that paid a ransom in excess of $2.4 million.
One of the high-profile victims of a ransomware attack in 2023 was Clorox, which incurred $49 million in costs from the cyberattack. The company reported severe operational disruptions and extended product shortages from the major attack in August 2023. Recovery efforts for Clorox are still ongoing.
John Shier, Field CTO of threat intelligence at Sophos, stated that while most ransomware attacks are opportunistic, attacks against manufacturing organizations encounter less resistance and are therefore more successful. This is because manufacturing companies often have a large attack surface, with a mix of legacy and modern systems, making them more vulnerable to attacks.
The report does not provide details on the specific industries within the manufacturing sector that experienced the highest ransom payments. Nor does it specify the number of manufacturing organizations surveyed. However, the report does indicate that the manufacturing sector was one of the top two industries to pay ransoms to recover encrypted data in 2023.
The financial costs of ransomware attacks are not limited to ransom payments. They also include substantial data breaches, operational downtime, regulatory fines, and reputational damage. For example, in January 2024, Schneider Electric—a major manufacturing-related company—faced a ransomware attack resulting in a 1.5TB data breach, which imposed heavy costs related to ransom pressure, customer trust erosion, and compliance penalties.
The global average cost per industrial data breach has also been rising through 2023 and into 2024. Additional indicators suggest rising financial impacts across sectors, including manufacturing, as organizations devote more resources to cybersecurity defenses, incident response, and downtime costs.
In conclusion, ransomware attacks on the manufacturing sector have become more frequent and more financially damaging in 2023. Manufacturing companies must prioritize cybersecurity to protect their operational and financial health, and to maintain customer trust.
[1] Sophos, "Manufacturing sector hit by record number of ransomware attacks in 2023," URL
[2] Verizon, "2024 Data Breach Investigations Report," URL
[3] Ponemon Institute, "2023 Cost of a Data Breach Report," URL
- The rise in ransomware attacks on the manufacturing sector, as evidenced by the report from Sophos, has highlighted the importance of threat intelligence in cybersecurity, particularly in identifying and mitigating these attacks.
- Amid the increasing financial impact of ransomware attacks on the manufacturing sector, it is crucial for technology advancements to offer more robust cybersecurity solutions to protect organizations and limit the disruption caused by these incidents.
