Methodology of the Report

1. Data Sources and Scope

This report integrates various intelligence streams collected and curated by the Black Kite Research Group between April 2024 and March 2025. The ransomware-related data includes only publicly disclosed attacks that have been attributed to a known ransomware group. All technical findings and risk analyses in the report are derived from the Black Kite platform's proprietary telemetry and publicly available information. This data is supplemented by intelligence gathered from surface, deep, and dark web sources. External resources, such as the CISA Known Exploited Vulnerabilities (KEV) Catalog, were also incorporated into the analysis process.

2. Industry Classification and Sample Selection

To ensure analytical consistency, industry classifications were aligned with NAICS (North American Industry Classification System) codes. The report focuses on 1,042 companies selected from 10 specific NAICS sub-sectors representing the manufacturing industry. The primary criterion for sample selection was that companies have annual revenues exceeding $1 billion. This ensures that the analysis reflects the impact on large-scale organizations that play a critical role in global supply chains. The company list was verified using the Usearch database.

3. Risk Posture Analysis

For each company analyzed, the Black Kite platform was used to assess the organization's cybersecurity posture using an external, non-intrusive method. This analysis provides an attacker's view of each company's attack surface, vulnerabilities, and overall risk levels, enabling a comparative analysis of factors like ransomware susceptibility.

4. Data Standardization and Integrity Controls

To ensure data consistency and prevent the inflation of figures, a standard incident counting methodology was applied. For example, attacks targeting a holding company or its multiple subsidiaries, if understood to be a single campaign, were counted as a single incident unless distinct disclosures existed. This approach ensures a more accurate reflection of the true scale of attacks

5. Technical Ratings Explained

The Black Kite Technical Rating ranges from 0 to 100 and covers 19 risk categories. Scores are also translated into letter grades for clarity:

• A (Excellent): 90–100
• B (Good): 80–89
• C (Fair): 70–79
• D (Poor): 60–69
• F (Failing): 0–59

6. Limitations

This report reflects only publicly disclosed ransomware incidents and externally observable risk indicators. Many breaches, especially those involving smaller organizations or those resolved discreetly, go unreported. Consequently, the findings in this report represent a conservative lower bound of the systemic third-party risk exposure in the manufacturing sector. Furthermore, as the analysis is based on an external perspective, the internal security controls and policies of the companies are outside the scope of this assessment.