In Africa, the figure is even higher, reaching 1,872 weekly attacks in just the last four weeks, revealing the continent’s escalating exposure.

Ransomware

Ransomware is the most destructive weapon against manufacturers. More and more, attackers exploit the reality that every hour of downtime equates to millions in losses. In 2024 alone, manufacturing represented 22% of all global ransomware victims, making it the single most targeted sector.

The fallout has been devastating. In recent years:

• Clorox (2023) saw $356 million wiped off quarterly sales after a ransomware-triggered disruption.
• Microchip Technology (2023) faced $21.4 million in direct costs.
• Schumag AG (2024) was pushed into insolvency after prolonged shutdowns.
• Nucor Corporation (2025), North America’s largest steel producer, had to halt production across multiple mills following a cyber breach.

“Attackers know that every hour of halted production can cost millions. That’s why ransomware groups view manufacturers as prime targets: they don’t need to steal sensitive customer data when they can simply shut down operations and demand payment,” said Lorna Hardie, regional director: Africa, Check Point Software Technologies.

Supply Chains: The Fragile Backbone

The report warns that manufacturing’s interconnected supply chains strengthen cyber risks. A single compromised supplier can cascade across thousands of downstream businesses, crippling entire industries. With Africa’s industrial base heavily dependent on Europe, its largest trading partner, the stakes are even higher.

Europe’s new NIS2 directive has introduced strict cybersecurity obligations for critical sectors. African manufacturers that fall short of these standards may jeopardise partnerships and risk exclusion from European trade networks.

Hardie stated: “African businesses must act now to comply with the EU’s NIS2 Directive or risk losing valuable revenue streams through their European trading partners.”

State Actors and Hacktivists Add to the Pressure

The manufacturing sector is not only hunted by cyber criminals but also caught in the crosshairs of geopolitics. State-backed groups are increasingly stealing defence blueprints, automotive designs, and advanced technologies. In one case, Chinese-linked actors targeted Taiwan’s drone industry, exfiltrating sensitive engineering data.

At the same time, hacktivists have raised their profile. Between 2024 and 2025, manufacturing accounted for 15% of all hacktivist attacks, ranging from website defacements to distributed denial-of-service (DDoS) campaigns. Groups tied to conflicts in Eastern Europe and the Middle East have explicitly targeted manufacturers to maximise political and economic impact.

A Boardroom-Level Risk

Check Point’s report explains that manufacturing security is no longer a technical issue. It is a board-level concern that directly influences revenue, reputation, and national competitiveness. The recommendations say invest in prevention-first defences, demand stronger cybersecurity from suppliers, protect intellectual property, and treat downtime as a top-tier risk.

“Executives who embrace these priorities are not just defending against today’s threats, they are building a competitive edge. In an industry where uptime, trust, and innovation drive market share, resilience becomes a differentiator,” Hardie said.

The Bottom Line

With cyber attacks against manufacturing growing in both volume and sophistication, factories can no longer afford to view cyber threats as background noise. 

Be it from ransomware gangs, foreign intelligence services, or politically motivated hacktivists, the risks are converging on the heart of industrial production. For Africa in particular, surviving will depend on securing networks and aligning with global cybersecurity standards to keep supply chains intact.

Sophos, a global leader in innovating and delivering cybersecurity as a service, has announced a new sectoral survey report, “The State of Ransomware in Manufacturing and Production 2023,” which found that in more than two-thirds (68%) of ransomware attacks against this sector, the adversaries successfully encrypted data.

This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

However, in contrast to other sectors, the percentage of manufacturing organizations that used backups to recover data has increased, with 73% of the manufacturing organizations surveyed using backups this year versus 58% in the previous year. Despite this increase, the sector still has one of the lowest data recovery rates.

“Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery,” said John Shier, field CTO, Sophos. “With 77% of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.”

In addition, despite the growing use of backups, manufacturing and production reported longer recovery times this year. In 2022, 67% of manufacturing organizations recovered within a week, while 33% recovered in more than week. This past year, only 55% of manufacturing organizations surveyed recovered within a week.  

“Longer recovery times in manufacturing are a concerning development. As we’ve seen in Sophos’ Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.”

Sophos provides a look at a large-scale ransomware attack against a manufacturing company in its newly released three-part “Think You Know Ransomware?” documentary series. In episode 2, Sophos interviews the chief information security officer of Norsk Hydro, a major aluminum production company, to learn about the aftermath and investigation of the attack against the company.

Sophos experts recommend the following best practices for organizations in manufacturing and across all other sectors:

• Strengthen defensive shields with:
  • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
• Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
• Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

To learn more about the State of Ransomware in Manufacturing and Production, download the full report from Sophos.com.

The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 363 organizations in manufacturing and production, across 14 countries in the Americas, EMEA and Asia Pacific.