SECTION 04
Ransomware Sectors: The Most Attacked Industries
Wide Open, Then Narrow: Europe's Subindustry Exposure Pattern
Two sectors absorb almost half of Europe's ransomware: Manufacturing at 27.9% (576 incidents) and Professional, Scientific and Technical Services at 17.8% (368), together 45.7% of the 2,066 total. They are hit in opposite ways, and the contrast is the useful part.
Manufacturing is wide open. Its 576 incidents spread across 78 subindustries, with no single one above 7.1%, and its share has risen every period (25.5%, 27.2%, 30.8%). There is no safe niche; the whole sector is exposed, and increasingly so.
Professional and Technical Services are the opposite: narrow, and tightening. One subindustry, Computer Systems Design and Related Services, is the single most-targeted in all of Europe at 5.4% of all recorded incidents, and its share within the sector is climbing fast, from 27.5% of the Professional and Technical Services sector's incidents in the first half of 2025 to 38.4% by early 2026. The exposure here is narrowing onto one subindustry rather than spreading across the whole sector.
That matters beyond its size, because an IT-services firm is itself a supplier, sitting inside the operations of the organizations it serves.
Beyond the numbers, this subindustry is a strategic target because, when the leading target is a supplier, every client it serves is exposed through it.
Where the Data Meets the Law
This is also where the law lands. The NIS2 Directive brings IT and digital service providers under direct regulation, many as essential entities, and it makes their customers responsible for the security of the suppliers they depend on. Important parts of Manufacturing, including machinery, electronics, medical devices, and motor vehicles, fall under NIS2 as important entities, and the Cyber Resilience Act adds obligations on any that ship products with digital elements.
The two sectors carrying the most ransomware are, in short, the two sectors European law now regulates most directly.
The same logic applies to the sectors that are small in volume but high in consequence. Energy recorded only 20 incidents but rose every period (4, 7, 9); Health Care recorded 60, and Public Administration 46. All three are NIS2 essential sectors, where one successful attack reaches well beyond the target, which is why the law treats them as essential regardless of how often they are hit.
The sectors facing the most ransomware are also the ones most embedded in each other's supply chains. That's not a coincidence.