02 | KEY RISK TRENDS
Key Risk Indicators: Look Deeper than Cyber Ratings to Find Real Risk
On the surface, manufacturing companies appear to have a strong cybersecurity posture. Most are scoring an A or B in cyber ratings, which might suggest a healthy risk environment.
However, this high-level view can create a false sense of security. Cyber ratings only tell a partial story, and even highly rated companies may have key risk indicators (KRIs) that signal immediate danger.
Key risk indicators are forward-looking metrics that serve as an early warning system, predicting potential threats before they escalate into serious incidents. While cyber ratings provide an overall picture of security posture, KRIs uncover the hidden vulnerabilities that threat actors are actively exploiting in the wild.
When we look beyond the surface-level ratings, the data reveals a stark reality:
A staggering 75% of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or above.
Over two-thirds (65%) of the companies have at least one vulnerability from the CISA Known Exploited Vulnerabilities (KEV) Catalog, meaning these weaknesses are already being exploited by threat actors.
The number of companies that experienced a ransomware attack increased by 9% compared to the previous year.
[Figure: Cyber Rating Distribution % Across Manufacturing Sub-Industries]
[Figure: Key Risk Indicators]
This data points to a dangerous disconnect between perceived security and actual risk.
While overall cyber ratings may appear favorable, the presence of critical, unpatched vulnerabilities and known exploited weaknesses shows that basic security controls are being widely neglected. The significant increases in both data breaches and ransomware attacks are a direct consequence of these foundational issues.