
The Operational Risks Behind Manufacturing's Cybersecurity Problem

Published on 16.06.2026 (5 min read)

For the fourth consecutive year, manufacturing accounts for more cyberattacks than any other sector globally, representing 26% of all incidents in 2025, according to IBM's X-Force Threat Intelligence Index[1]. In the Nordics, manufacturing was the most heavily hit sector for ransomware in 2024, at 36%[2] of identified attacks. In the UK, Palo Alto Networks' Unit 42 data shows manufacturers suffered more ransomware incidents than any other industry in 2023[3].

Why Attackers Target Manufacturing

Manufacturers are operationally vulnerable in ways most other industries aren't. When a factory floor goes offline, the losses begin immediately. That urgency is exactly what ransomware groups exploit. The median cost of a manufacturing ransomware attack is now $600,000, according to Arctic Wolf Incident Response[4], and the pressure to pay quickly is immense.

There's also the supply chain angle. Complex supplier networks mean a constant flow of vendor communications through inboxes: invoices, delivery confirmations, order changes. Attackers invest significant effort in mapping these workflows before targeting them. The goal isn't to brute-force a system; it's to impersonate something that already looks routine.

Add IT/OT convergence to that picture. As factories bring legacy operational technology online, the attack surface grows significantly. Many of these systems were never designed with security in mind and can't easily be patched. The result is an industry that is valuable, averse to operational disruption, and structurally more exposed than most.

This Is Not Just a Large Enterprise Problem

There's a common assumption that cyberattacks target large organisations with deep pockets. The data tells a different story. 80% of ransomware attacks target businesses with fewer than 1,000 employees[5]. Attackers are not going after size; they're going after vulnerability.

61% of SMBs surveyed by Vanson Bourne[6] said a serious cyberattack could be enough to put them out of business entirely. For a mid-market manufacturer on tight margins, weeks of downtime and months of recovery are not an inconvenience. They can be existential. In many of these incidents, the initial access point traces back to credential theft, workflow impersonation, or other forms of human-targeted deception. The technical sophistication of an attack often matters far less than its social engineering component.

The Human Problem at the Centre of It All

The UK's Information Commissioner's Office reported that in 2024, 71% of manufacturing data incidents were cyber-related[7]. Unauthorised access was the standout issue. In a sector where employees routinely process supplier invoices, logistics updates, and procurement requests from external parties, the conditions for social engineering are near-constant.

Not every employee represents equal exposure. In manufacturing, the highest-risk users tend to be those handling supplier communications, procurement, and logistics. And AI has made targeting them significantly easier. Attackers now craft hyper-personalised, contextually accurate messages at scale. IBM's 2025 Cost of a Data Breach Report found that shadow AI alone added an average of $670,000 to breach costs[8]. Employees trained on yesterday's threat patterns are being tested against today's attacks.

The workforce challenge is structural too. People on the production floor interact with digital systems differently from those in office roles. Generic, one-size-fits-all training doesn't reach them, and it doesn't prepare them for the specific ways their role might be targeted.

What Lean IT Teams Can Do About It

The IT team is already stretched. Adding a meaningful, ongoing security awareness programme on top of infrastructure, support, compliance, and operational continuity is genuinely difficult to sustain. Annual training is not sufficient. Retention decays rapidly without reinforcement, and a once-a-year video module is ticking a box, not building awareness.

What works is continuous, realistic training built around the specific threats employees are likely to face: supplier impersonation, invoice fraud, logistics-themed attacks. This sits alongside the technical controls every manufacturing IT team should have in place: MFA, network segmentation, privileged access management, incident response. Those reduce exposure. But a well-targeted social engineering attempt can bypass all of them if the person on the receiving end doesn't recognise it. Awareness training is what closes that gap.

The question for most lean IT teams isn't whether this is the right approach. It's whether they can deliver it without adding significant overhead.

Keeping Pace With the Threat

Practice from Pistachio was built to answer that question directly. It deploys in 10 minutes via Microsoft Entra and runs fully automated simulations across email and Microsoft Teams. Difficulty and frequency adapt automatically to individual performance, and no manual campaign management is required.

Matti Hakkarainen, ICT Manager at I-Valo Oy, a lighting manufacturer, commented: “Our goal was to help employees better recognize phishing emails and avoid malicious links. Pistachio made this easy and engaging, and we’ve seen a clear improvement in detection, fewer clicks on phishing links, and reduced data disclosure. With minimal ongoing maintenance, it’s an effective and low-effort solution.”

Manufacturing is the most targeted industry in both the UK and the Nordics. Your employees are the most likely entry point. The manufacturers improving their resilience fastest are not the ones running annual awareness courses. They're the ones continuously training employees against the attacks they face.

See how Practice builds lasting resilience. Email contact@pistachioapp.com to book your 15-minute demo.
