06 | METHODOLOGY
Methodology of the Report
The data presented in this report is the result of a multi-source, intelligence-led investigation by the Black Kite Research Group.
It synthesizes extensive cyber threat intelligence, ransomware tracking, cyber risk telemetry, and sectoral analysis to provide a comprehensive view of systemic third-party vulnerabilities in the manufacturing sector.
1. Data Sources and Scope
This report integrates various intelligence streams collected and curated by the Black Kite Research Group between April 2024 and March 2025. The ransomware-related data includes only publicly disclosed attacks that have been attributed to a known ransomware group. All technical findings and risk analyses in the report are derived from the Black Kite platform's proprietary telemetry and publicly available information. This data is supplemented by intelligence gathered from surface, deep, and dark web sources. External resources, such as the CISA Known Exploited Vulnerabilities (KEV) Catalog, were also incorporated into the analysis process.
2. Industry Classification and Sample Selection
To ensure analytical consistency, industry classifications were aligned with NAICS (North American Industry Classification System) codes. The report focuses on 1,042 companies selected from 10 specific NAICS sub-sectors representing the manufacturing industry. The primary criterion for sample selection was that companies have annual revenues exceeding $1 billion. This ensures that the analysis reflects the impact on large-scale organizations that play a critical role in global supply chains. The company list was verified using the Usearch database.
3. Risk Posture Analysis
For each company analyzed, the Black Kite platform was used to assess the organization's cybersecurity posture through an external, non-intrusive method. This analysis provides an attacker's view of each company's attack surface, vulnerabilities, and overall risk levels, enabling a comparative analysis of factors like ransomware susceptibility.
4. Data Standardization and Integrity Controls
To ensure data consistency and prevent the inflation of figures, a standard incident counting methodology was applied. For example, attacks targeting a holding company or its multiple subsidiaries, if understood to be a single campaign, were counted as a single incident unless distinct disclosures existed. This approach ensures a more accurate reflection of the true scale of attacks.
5. Technical Ratings Explained
The Black Kite Technical Rating ranges from 0 to 100 and covers 19 risk categories. Scores are also translated into letter grades for clarity:
- A (Excellent): 90–100
- B (Good): 80–89
- C (Fair): 70–79
- D (Poor): 60–69
- F (Failing): 0–59
6. Limitations
This report reflects only publicly disclosed ransomware incidents and externally observable risk indicators. Many breaches, especially those involving smaller organizations or those resolved discreetly, go unreported. Consequently, the findings in this report represent a conservative lower bound of the systemic third-party risk exposure in the manufacturing sector. Furthermore, as the analysis is based on an external perspective, the internal security controls and policies of the companies are outside the scope of this assessment.