Black Kite’s 2025 Manufacturing Report Reveals Manufacturers Remain the #1 Ransomware Target for the Fourth Consecutive Year

REPORT FINDS THAT MANUFACTURING RANSOMWARE ATTACKS INCREASED BY 9% COMPARED TO LAST YEAR, DRIVEN BY RAPID DIGITAL TRANSFORMATION AND PERVASIVE SECURITY VULNERABILITIES

BOSTON, MA – October 8, 2025 — Black Kite, the leader in third-party cyber risk intelligence, today announced the release of its 2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk. The report found that manufacturing’s rapid digital transformation has exposed an expansive and often unsecured attack surface through interconnected supply chains. This, coupled with a pervasive pattern of security vulnerabilities, has resulted in this sector remaining ransomware’s number one target for the fourth year in a row.

“Manufacturing industry's greatest vulnerability isn't its own network – it's the massive, interconnected supply chain that keeps the business running,” said Fehart Dikbiyik, Chief Research & Intelligence Officer, Black Kite. “As more manufacturers continue digital transformation in the years following COVID-19, their expanding supply chains create a larger attack surface. At the same time, the speed at which new vulnerabilities are introduced has left organizations struggling to patch critical exposures in a timely manner, increasing their ransomware susceptibility. Our findings reveal that cybercriminals are not attacking indiscriminately; they are deliberately targeting this industry because they know its operational continuity is critical and any disruption can cause a cascading effect through global supply chains.”

Black Kite’s report findings highlight that manufacturing enterprises, with their complex operational technology (OT), global exposure, and intricate digital footprints, are attractive to well-resourced attackers. 

The focus is evident across the board: 

  • Among companies earning over $1 billion, manufacturing comprises a staggering 38.9% of ransomware victims. 
  • The trend continues for companies earning between $100 million and $300 million; manufacturing accounts for 30% of ransomware victims.
  • Among companies with less than $20M, manufacturing is the second targeted industry at 17%. The demise of dominant groups like LockBit and AlphV has created a power vacuum, giving rise to new, less coordinated, and unpredictable players who often focus on smaller companies. 

These trends show that manufacturing remains a prime ransomware target across companies of all sizes, from small suppliers to billion-dollar enterprises.

Exposing Supply Chain Risks

Black Kite’s report reveals that the number of ransomware attacks on manufacturing companies keeps climbing, with a 9% increase compared to last year. A significant driver of this increase is the supply chain. Not only are larger enterprises a target, but new and smaller ransomware groups are targeting smaller contractors to gain a foothold in the larger manufacturing ecosystem. This strategy allows attackers to bypass the more robust defenses of large manufacturers by exploiting their less secure third-party suppliers. 

The report’s key findings include:

  • Manufacturing is a Primary, High-Value Target: Manufacturing remains ransomware's favorite target, holding the number one spot for the fourth consecutive year. Cybercriminals are deliberately targeting this industry because its operational continuity is critical. This is particularly true for high-value targets, with manufacturing accounting for 38.9% of ransomware victims among companies earning over $1 billion.
  • The Threat is Widespread and Indiscriminate: The distribution of ransomware victims across manufacturing sub-industries is "fairly even,” indicating that the type of manufacturing matters less to attackers than the industry's central location within broader industry workflows and supply chains.
  • Vulnerabilities are Pervasive: Manufacturing has significant, easily exploitable weaknesses. In fact, 75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher, and 65% have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog, meaning these weaknesses are already being exploited by threat actors. 
  • Third-Party Risk is Exploding: Ransomware attacks on manufacturing companies keep climbing, with a 9% increase compared to last year. A significant driver of this is the supply chain. The number of companies with leaked credentials (15% in the last 90 days) and those with critical stealer logs findings further underscores the supply chain risk. 

Traditional, Perimeter-Focused Security Model Does Not Work

For manufacturing cybersecurity leaders, Black Kite’s findings present a clear directive: the combination of high industry targeting, widespread critical vulnerabilities, and the critical role of the supply chain underscores a need to re-evaluate current approaches. 

Key steps to mitigate risks include:

  • Proactive Third-Party Cyber Risk Management is a Business Must-Have: Attackers use manufacturer suppliers as an on-ramp into the network. Manufacturers need a robust third-party cyber risk management (TPRM) program that goes beyond simple vendor questionnaires to identify, assess, monitor, and mitigate risks across the third-party ecosystem.
  • Focus on Foundational Cyber Hygiene: Security leaders must prioritize patch management for critical vulnerabilities that are actively exploited in the wild, and extend this focus beyond their own network's hygiene to the entire supply chain.
  • Ransomware Susceptibility is a Predictor: Black Kite’s Ransomware Susceptibility Index (RSI™) is not just an indicator for an organization but is a powerful tool to assess third-party suppliers' likelihood of being a victim. Knowing which suppliers are at the highest risk enables proactive risk mitigation and prevents a production line disruption.
  • The Threat Has Evolved, So Should Defenses. The ransomware landscape is more fragmented and unpredictable, with new groups emerging and using tactics like AI-assisted reconnaissance and double-targeting victims. Security teams need a dynamic, intelligence-led approach. Tools that combine supply chain monitoring with early warning signals are essential for staying ahead of evolving threats.

To read the report, visit https://content.blackkite.com/ebook/manufacturing-tprm-report-2025/.

To learn how Black Kite provides real-time third-party cyber risk intelligence to help organizations secure their supply chain, contact the Black Kite team.

Methodology

This report integrates various intelligence streams collected and curated by the Black Kite Research Group between April 2024 and March 2025. The ransomware-related data includes only publicly disclosed attacks that have been attributed to a known ransomware group. The report focuses on 1,042 companies selected from 10 specific NAICS sub-sectors representing the manufacturing industry with annual revenues exceeding $1 billion. The company list was verified using the Usearch database.

About Black Kite

Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process and a combination of threat, business, and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers. Learn more at www.blackkite.com or on the Black Kite blog.

Media Contact for Black Kite:
Michelle Kearney
Hi-Touch PR
443-857-9468
[email protected]