Skip to content

Leading the Way: Ransomware Attacks in Manufacturing

For all the concerns about the manufacturing sector and how it’s been affected by supply chain issues, there is one area where manufacturing leads all other industries: ransomware attacks.

According to Advisen loss data, ransomware attacks in manufacturing doubled from 2019 to 2021, making it the most targeted industry. This marks a shift from previous years, when public administration and health care led the parade of victims.

Why? Opportunity, for one. Many manufacturers have embraced technology in the form of automation and digitization, creating new points of entry for bad actors. And many continue to store their data locally, a big vulnerability.

This can be high-value data as well, including intellectual property and other trade secrets, or third-party data from suppliers or clients. That makes it more likely that the ransom will have to be paid in the event of an attack.

And as you may know, the ransom often is the least of the financial hit sustained by victims. The costs of business interruption, reputational damage and other related factors can quickly exceed the actual ransom cost, which in itself can be quite substantial. Meat supplier JBS Foods was attacked in May of 2021, with a price tag of $11 million on the ransom alone.

While hackers have increasingly targeted smaller operations across all industries, largely because they tend to be softer targets with less sophisticated defenses, the largest of operations are not immune. Recent victims include Samsung Electronics and the Bose Corporation.

For one more bit of good news, hackers continue to change their methods, and some attacks now do not involve locking down your data. Instead, they demonstrate that they have penetrated your systems and demand payment in exchange for not locking down your data, a sort of variation on the protection rackets of times gone by. So even though there’s technically no ransom, there are still potentially huge costs involved.

For manufacturers as for everyone else, the best practice is to prevent an attack rather than recover from one. Make sure you’re working with IT professionals who understand your business, its data and its exposures. Even then there are no guarantees, so be certain that you’re adequately covered by cyber liability protection as well.

Questions about cyber liability and protecting your business? Contact Consolidated Insurance.

Skip to content