2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk
by the Black Kite Research Group
Critical Insights into Manufacturing’s Third-Party Cyber Risk Landscape
This report paints a clear and alarming picture for the manufacturing sector. As an industry vital to global commerce, manufacturing has found itself at the center of a perfect storm of third-party risk, not by accident but by design.
The rapid digital transformation in the years following COVID-19 has exposed an expansive and often unsecured attack surface through a web of interconnected supply chains. This is coupled with a pervasive pattern of security vulnerabilities across companies, from critical weaknesses to CISA KEV Catalog vulnerabilities that are actively being exploited in the wild.
The result is an industry under siege, where an attack on a single, vulnerable third-party supplier can trigger a devastating and cascading disruption across the entire supply chain.
Cybersecurity leaders can use the data in this report to transform their approach to risk, moving beyond traditional security models to proactively manage the threats that exist in their supply chain.
Key Findings: Your Suppliers’ Vulnerabilities Are Your Risk
Manufacturing is a Primary, High-Value Target:
- This year’s data confirms that manufacturing is still ransomware's favorite target, holding the #1 spot for the fourth consecutive year.
- Cybercriminals are not attacking indiscriminately; they are deliberately targeting this industry because they know its operational continuity is critical and any disruption can cause a cascading effect through global supply chains.
- This is particularly true for high-value targets, as manufacturing accounts for 38.9% of ransomware victims among companies earning over $1 billion.
The Threat is Widespread and Indiscriminate:
- The notion that only certain sub-industries are at risk is a myth.
- The distribution of ransomware victims across manufacturing sub-industries is “fairly even”.
- This tells us that the "type" of manufacturing matters less to attackers than the industry's central location within broader industry workflows and supply chains.
Vulnerabilities are Pervasive:
- The data confirms that the industry has significant, easily exploitable weaknesses.
- A shocking 75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher.
- Furthermore, 65% have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog, meaning these are already being actively exploited by attackers.
- The widespread neglect of basic cyber hygiene is highlighted by poor grades in areas like patch management and application security.
Third-Party Risk is Exploding:
- The data shows that the number of ransomware attacks on manufacturing companies keeps climbing, with a 9% increase compared to last year.
- A significant driver of this is the supply chain. Not only are larger enterprises a target, but new and smaller ransomware groups are targeting smaller contractors to gain a foothold in the larger manufacturing ecosystem.
- This "contractor weak link" strategy allows attackers to bypass the more robust defenses of larger manufacturers by exploiting their less secure third-party suppliers.
- The sheer number of companies with leaked credentials (15% in the last 90 days) and of those with critical stealer-log findings further underscores this supply chain risk.
Key Takeaways for Cybersecurity Leaders
For a cybersecurity leader at a manufacturing organization, the data is a wake-up call and a clear directive. The traditional, perimeter-focused security model is no longer sufficient.
1. Proactive Third-Party Cyber Risk Management (TPCRM) is a Must.
You cannot protect your organization without understanding and managing the risks posed by your entire supply chain. Attackers are using your suppliers as an on-ramp to your network. This means you must have a robust third-party risk management (TPRM) program that goes beyond simple vendor questionnaires. You need to identify, assess, monitor, and mitigate risks across your entire third-party ecosystem.
2. Focus on Foundational Cyber Hygiene.
The high percentage of companies with critical vulnerabilities and poor patch management is a sign that basic security controls are being neglected. Cybersecurity leaders must expand their focus from just their own network's hygiene to the hygiene of their entire supply chain.
3. See Risk Like the Adversary.
Predictive risk metrics reveal that every manufacturing sub-industry carries an average susceptibility score that places it in the critical risk category for experiencing a ransomware attack. The ability to forecast which of your suppliers are most likely to suffer a ransomware attack is a strategic asset, allowing you to proactively mitigate risk and prevent a major disruption to your production line.
4. The Threat Has Evolved, and So Should Your Defense.
The ransomware landscape is becoming more fragmented and unpredictable, with new groups emerging and using tactics like AI-assisted reconnaissance and double-targeting of victims. This means you need a dynamic, intelligence-led approach to security. Tools that combine supply chain monitoring with early warning signals are essential for staying ahead of these evolving threats and protecting your business and operational stability.
About the Research
Research Scope
The companies analyzed were selected from the following sub-industry categories, all with annual revenues exceeding $1 billion. Source: Usearch
Total Sample Size: 1,042 companies
Number of Sample Companies in Each Subindustry
TABLE OF CONTENTS
01 | RANSOMWARE TRENDS
Why manufacturing is still the #1 target
02 | KEY RISK TRENDS
Forward-looking metrics that serve as an early warning system
03 | SUPPLY CHAIN WEAK LINKS
Security controls that serve as entry points for threat actors
04 | TOP KEVS
Security controls that serve as entry points for threat actors
05 | NEXT STEPS
Your guide to proactive, intelligence-driven third-party cyber risk management.
06 | METHODOLOGY
Learn about the methodology behind our primary research.