A new report from Sophos reveals encouraging signs that manufacturing companies are improving at defending against ransomware, though the threat remains serious and the human cost is high.
The Good News: Fewer Successful Attacks
The most striking finding is that the share of ransomware attacks resulting in encrypted data has plummeted to 40% in 2025, down from 74% last year. Even more impressive, half of all attacks are now stopped before data can be encrypted, more than double the rate from 2024. This suggests manufacturers are becoming more effective at detecting and halting attacks in their tracks.
Recovery times have also improved dramatically. Nearly 60% of companies now bounce back within a week, up from 44% last year. The average recovery cost dropped 24% to $1.3 million, offering some financial relief to an industry under pressure.
How Attackers Get In
The report identifies exploited vulnerabilities as the leading entry point, responsible for 32% of attacks. Malicious emails came second at 23%, while compromised credentials accounted for 20% of incidents—the lowest level in three years.
But the technical story is only part of the picture. Manufacturing companies cite a lack of cybersecurity expertise as their biggest weakness, with 42.5% naming it as a contributing factor. Unknown security gaps and inadequate protection systems round out the top three organizational vulnerabilities, highlighting that many manufacturers are fighting blind against sophisticated attackers.
The Ransom Reality
When data is encrypted, 51% of manufacturers pay the ransom to recover it—down from 62% last year. This suggests growing confidence in alternative recovery methods, particularly backups, which were used in 58% of cases.
Ransom demands have decreased, with the average demand falling 20% to $1.2 million. Actual payments also dropped to $1 million. However, there’s a concerning trend: extreme demands and costs of $5 million or more have increased slightly, indicating that while overall numbers are down, attackers are still scoring big wins against specific targets.
Interestingly, manufacturers paid an average of 86% of the initial demand—up from 70% last year. Only 37% matched the exact demand, while 49% negotiated lower payments and 13% actually paid more than initially asked.
The Hidden Human Cost
The report’s most sobering finding is the toll on IT and cybersecurity teams. Every single manufacturer that experienced data encryption reported direct impacts on their staff. Nearly half cited increased anxiety about future attacks, while 44% reported increased pressure from senior leaders.
More concerning, 40% of teams experienced guilt for not stopping the attack, 27% saw their leadership replaced, and 20% had staff absences due to stress and mental health issues. These numbers exceed cross-sector averages, suggesting the manufacturing sector’s IT teams are bearing a hefty burden.
Looking Ahead
While the data shows evident progress in defensive capabilities, the report emphasizes that ransomware remains a significant threat. The combination of improved detection, faster recovery, and lower costs points to a maturing security posture across manufacturing. However, the persistent human impact and the emergence of new attack patterns mean companies cannot afford to become complacent.
The key takeaway: manufacturing is winning more battles, but the war against ransomware is far from over.
