Industry-leading experts warn that manufacturing environments are growing in complexity, talent and security gaps are widening, and a robust defense with continuous user education is essential to curb ransomware risk.

The study ties rising IT/OT/IIoT convergence and ongoing labor challenges to greater financial risk from ransomware, urging stronger protection across IT, OT, and IIoT layers.

Officials advocate a layered defense that includes endpoint ransomware protection and KICS, Kaspersky’s OT-focused XDR platform, alongside comprehensive training and threat intelligence.

Findings come from Kaspersky Security Network data from January through September 2025 and illustrate potential losses if threats had succeeded, not confirmed incidents.

Ransomware attacks on manufacturers in the first three quarters of 2025 could have caused over $18 billion in direct downtime losses across regions including APAC, Europe, the Middle East, Africa, CIS and LATAM.

Readers are directed to Kaspersky’s 2025 State of Ransomware Report and related resources for further information on threat protection and industrial cybersecurity.

The article's information draws on Kaspersky Security Network data and the 2025 State of Ransomware Report, with Fresh Angle News releasing the analysis via APO Group.

The figures are conservative estimates based on idle workforce costs, with potential higher losses from equipment damage, customer churn, regulatory pressure, and brand erosion.

Kaspersky emphasizes that no region is immune and highlights vulnerable mid-tier manufacturers as ideal targets for disruption, underscoring the need for comprehensive defense.

Best practices involve enabling endpoint protection, using Kaspersky’s OT-focused ecosystem, and integrating EDR/XDR, threat intelligence, and ongoing training to safeguard industrial environments.

These losses reflect idle labor costs during production stoppages, with higher costs possible when accounting for supply-chain disruption and recovery expenses.

On average, attacks last about 13 days, amplifying immediate revenue losses and longer-term production shortfalls.

The report references the 2025 State of Ransomware Report and promotes Kaspersky products—KICS, EDR/anti-APT, threat intelligence, and training—as components of a layered defense.

Regional insights are expanded in the 2025 State of Ransomware Report, with ongoing threat intelligence sharing through Kaspersky Next Expert.

Mid-tier manufacturers, often with smaller security budgets, are highlighted as especially vulnerable, with a worst-case scenario considered if defenses fail.

There is a trend toward ‘big game hunting’ in manufacturing, with attackers likely to leverage AI for reconnaissance and lateral movement in OT networks.

Observations point to IT/OT/IIoT convergence increasing vulnerability, as automation and global supply chains create potential cascades across networks.

Mid-tier manufacturers are increasingly attractive targets due to limited security budgets, making reliable defense systems and ongoing user education critical.

Experts warn no region is immune; mid-tier manufacturers face higher disruption risks to supply chains without robust protection and continuous training.

Regional detections show the Middle East and Latin America leading ransomware activity in manufacturing, with APAC also reporting notable rates, while Europe trails.

The regional share of detected and blocked manufacturing ransomware attempts from Jan–Sept 2025 places the Middle East at 7% and Latin America at 6.5%, followed by APAC at 6.3%, Africa at 5.8%, CIS at 5.2%, and Europe at 3.8%.

Recommendations include enabling endpoint ransomware protection (including a free Kaspersky tool), adopting KICS for OT protection, and leveraging anti-APT/EDR, threat intelligence, and SOC training for stronger detection and response.

An annualized model suggests about 13 days of disruption per incident, with idle labor costs forming the bulk of direct losses.

Experts emphasize growing complexity, persistent skills gaps, and that no region is exempt, as attackers increasingly use supply-chain access, legacy OT systems, and AI-enabled tools.