Check Point Software Technologies Ltd. unveiled its Manufacturing Threat Landscape 2025 report, highlighting a rapidly intensifying cyber security environment for the global manufacturing sector. As per the report findings, India has emerged as the Asia-Pacific epicentre of ransomware activity, with manufacturing organisations witnessing a marked rise in both frequency and impact.
According to the Exposure Management Research report, for the full year of 2025, 65% of affected Indian organisations paid ransoms, with average payouts reaching $1.35 million. Globally, attacks on manufacturers rose 56% from 937 incidents in 2024 to 1,466 in 2025 as threat actors increasingly prioritise operational disruption and supply chain leverage over standalone data theft.
In 2025, ransomware, supply chain interferences, and operational technology (OT) vulnerabilities converged to significantly elevate risk across industrial ecosystems.
While the United States reported the highest number of incidents (713), India’s position as a high-volume target (201) reflects both its scale and rapid industrial digitisation. Similar patterns are visible across Europe and the UK, where attacks on manufacturing continue to trigger downstream disruptions across automotive, aerospace, and logistics sectors.
Recent insights from Check Point Threat Intelligence also highlighted that industrial manufacturing organisations in India faced up to 2,786 cyberattacks per week over the last 6 months, underscoring the intensity and persistence of targeting.
“India’s emergence as the APAC ransomware epicentre signals a shift toward persistent, high-frequency attacks engineered for business impact,” said Sundar Balasubramanian, Managing Director, India, Check Point Software Technologies Ltd. “This requires organisations to move beyond reactive security models. With comprehensive architectures like Check Point’s Hybrid Mesh Network Security, enterprises can enable unified, scalable protection across IT and OT environments, reducing complexity and preventing threats before they impact operations.”
Why Manufacturers Are So Vulnerable
The rise in attacks is driven by three structural challenges:
Legacy OT infrastructure: Industrial systems such as PLCs, SCADA, and IoT devices were not designed with modern security frameworks, making them highly exploitable.
Expanding supply chains: Threat actors are increasingly leveraging third-party vendors and service providers as entry points.
Ransomware-as-a-Service (RaaS): The industrialisation of cybercrime has enabled rapid scaling through affiliate-driven models.
The Threat Actors Driving Industrial Attacks
Manufacturing is now targeted by both financially motivated ransomware groups and geopolitically aligned actors, reinforcing its role as a critical economic and strategic pressure point.
Akira leverages VPN vulnerabilities, unpatched systems, and phishing to execute attacks combining data exfiltration with encryption.
Qilin, operating on a RaaS model, focuses on manufacturing and logistics, extending disruption across interconnected ecosystems.
The Play ransomware group exploits legitimate credentials and disables security controls prior to encryption, amplifying operational impact.
In parallel, hacktivist and state-aligned groups such as NoName057(16) and China-linked actors are conducting denial-of-service attacks, OT reconnaissance, and public-facing disruptions, often aligned with geopolitical developments.
The Most Common Attack Paths Into Manufacturing Networks
Ransomware remained the primary attack vector, accounting for 890 manufacturing incidents, but techniques are becoming more varied and sophisticated:
Exploited vulnerabilities (32%) targeting legacy systems and internet-facing applications
Phishing campaigns (23%) that are increasingly AI-enabled and highly personalised
Compromised credentials, now widely traded on the dark web
Supply chain and remote access exploitation, enabling lateral movement across IT and OT environments
Attack strategies are also evolving beyond encryption to include data exfiltration, extortion-only models, and direct operational disruption.
A Manufacturing Cyber Security Reprioritization is Needed
The report highlights the need for manufacturers to recalibrate cyber security strategies:
Adopt Zero Trust architectures across IT and OT environments
Accelerate vulnerability management and patching cycles
Strengthen identity and access controls, including MFA and SSO
Implement immutable and offline backup systems
Build employee awareness and phishing resilience
Elevate third-party risk management as a core security function
2026 Manufacturing Security Forecast
Cyber threats targeting manufacturing are expected to intensify, driven by AI-enabled attack automation, faster execution cycles, and a growing emphasis on data extortion. As geopolitical tensions increasingly extend into cyberspace, manufacturing will remain a high-priority target.
As India strengthens its position as a global manufacturing hub, building cyber resilience will be critical to ensuring operational continuity and protecting supply chain integrity.