Key Takeaways
- Ransomware caused over 90 % of financial losses in Resilience’s manufacturing portfolio, even though it represented only 12 % of claim volume.
- Phishing and transfer fraud together accounted for roughly 30 % of claims, underscoring the persistent role of human error.
- Misconfigured multi‑factor authentication (MFA) was responsible for about 26 % of total losses, including the costliest single incident linked to the BlackCat ransomware group.
- Software vulnerabilities contributed 13 % of losses, while wrongful data‑collection practices generated 12 % of claims but rarely resulted in payouts.
- Legacy IT/OT systems, a widening skills gap, and historic under‑investment in cybersecurity amplify manufacturers’ exposure.
- Practical, low‑cost controls—such as auditing MFA deployment, enforcing procedural safeguards for financial transfers, and investing in ransomware containment—can materially reduce risk without requiring a complete overhaul of existing security programs.
Overview of Findings
A five‑year analysis of proprietary claims data from Resilience’s manufacturing portfolio reveals a stark disparity between claim frequency and financial impact. Although ransomware incidents made up only a modest 12 % of the total number of claims, they drove more than 90 % of the incurred losses. This imbalance highlights how a relatively small number of high‑severity ransomware events can cripple manufacturers financially, far outweighing the cumulative effect of more frequent, lower‑impact cyber incidents. The data underscore the urgency for manufacturers to prioritize ransomware preparedness, not merely because attacks are common, but because their potential to cause massive business interruption and direct financial loss is disproportionately large.
Ransomware Dominates Financial Impact
The report identifies ransomware as the single greatest threat to manufacturers’ bottom line. Over the five‑year window, ransomware‑related losses accounted for nine‑tenths of all incurred costs, despite its low frequency. The trend is worsening: ransomware attacks against manufacturers rose 61 % year over year, cementing the sector’s status as a top target for cybercriminals. Contributing factors include the rapid convergence of information technology (IT) and operational technology (OT), which erodes traditional security boundaries, and attackers’ awareness that manufacturers cannot tolerate prolonged downtime, making them more likely to pay ransoms to resume production quickly.
Phishing and Transfer Fraud as Human‑Error Drivers
Phishing and transfer fraud collectively represent about 30 % of manufacturing claims, illustrating that human error remains a leading cause of cyber disruption. Phishing campaigns typically harvest credentials via infostealer malware hidden in email attachments or through spoofed login pages that mimic legitimate sites. Once credentials are compromised, attackers can initiate fraudulent wire transfers or move laterally within networks. Transfer fraud, a subset of these schemes, accounted for 4.2 % of claim volume but still contributed noticeably to overall losses, reinforcing the need for robust employee training, email filtering, and verification procedures for financial transactions.
Misconfigured Multi‑Factor Authentication as a Critical Weakness
An estimated 26 % of all portfolio losses stemmed from MFA misconfigurations, marking it as the second‑largest source of financial damage after ransomware. The most expensive single event in the dataset—attributed to the BlackCat ransomware group—was made possible by a flaw in MFA deployment that allowed attackers to bypass the additional authentication layer. This finding demonstrates that merely implementing MFA is insufficient; organizations must continuously audit, validate, and harden MFA settings, ensure proper enrollment of all privileged accounts, and monitor for anomalous authentication attempts to prevent adversaries from exploiting configuration gaps.
Software Vulnerabilities and Wrongful Data Collection
Software vulnerabilities accounted for 13 % of losses, reflecting the risk posed by unpatched or poorly managed applications within manufacturing environments. Meanwhile, wrongful data‑collection practices generated 12 % of claims, primarily driven by website tracking pixels and related litigation rather than operational data harvested from connected factory equipment. Notably, most of these data‑collection claims resulted in zero payout, suggesting that while they generate legal and compliance overhead, they are less likely to cause direct financial harm compared to ransomware or fraud. Nonetheless, they signal broader governance challenges that manufacturers must address to avoid regulatory penalties and reputational damage.
Legacy Systems, Skills Gaps, and Under‑Investment
Beyond technical flaws, the report highlights structural challenges that exacerbate cyber risk. Many manufacturers rely on legacy IT/OT systems for which vendors no longer provide security patches, leaving known vulnerabilities exploitable. A persistent skills gap—wherein cybersecurity talent is scarce or inadequately trained—limits organizations’ ability to detect, respond to, and remediate threats effectively. Historical under‑investment in cybersecurity further weakens defenses, as budget constraints often prioritize production uptime over proactive security measures. Together, these factors create an environment where attackers can exploit both outdated technology and human limitations.
Practical Mitigations That Deliver Measurable Risk Reduction
Encouragingly, the analysis suggests that manufacturers do not need to undertake massive, costly overhauls to improve their security posture. Simple, evidence‑based controls can yield substantial risk reductions:
- Audit and validate MFA deployment to ensure correct configuration and coverage of all privileged accounts.
- Implement procedural controls for financial transfers, such as dual‑approval workflows and out‑of‑band verification, to thwart transfer fraud.
- Invest in ransomware containment and response capabilities, including network segmentation, offline backups, and incident‑response playbooks tailored to ransomware scenarios.
- Conduct regular vulnerability scanning and patch management, prioritizing critical assets in both IT and OT domains.
- Enhance employee awareness through targeted phishing simulations and training, reducing the likelihood of credential compromise.
These measures, when applied consistently, can materially lower the probability and impact of high‑cost incidents without requiring a complete replacement of existing infrastructure.
Conclusion and Call to Action
The Resilience report makes clear that manufacturers face a paradox: cyberattacks are relatively infrequent yet extraordinarily costly when they occur, particularly ransomware events enabled by preventable misconfigurations and human error. The convergence of IT/OT, legacy systems, skills shortages, and historic under‑investment has created a fertile ground for cybercriminals. However, the data also reveal that straightforward, well‑executed security practices—centered on robust MFA, disciplined financial controls, and proactive ransomware preparedness—can dramatically mitigate risk. Manufacturers should treat these findings as a roadmap: prioritize the identified high‑impact controls, continuously monitor their effectiveness, and foster a culture where cybersecurity is viewed as an enabler of reliable, uninterrupted production rather than a cost center. By doing so, the sector can better safeguard its operations, protect its bottom line, and maintain resilience against an evolving threat landscape.