Black Kite recently unveiled findings from its 2025 Manufacturing Report: Why Your Supply Chain is Your Biggest Cyber Risk report in providing insight on how manufacturing's rapid digital transformation has exposed an expansive attack surface through interconnected supply chains.
"Manufacturing's greatest vulnerability isn't its own network – it's the massive, interconnected supply chain that keeps the business running," said Fehart Dikbiyik, Chief Research & Intelligence Officer, Black Kite. "As more manufacturers continue digital transformation in the years following COVID-19, their expanding supply chains create a larger attack surface.
"At the same time, the speed at which new vulnerabilities are introduced has left organizations struggling to patch critical exposures in a timely manner, increasing their ransomware susceptibility. Our findings reveal that cybercriminals are not attacking indiscriminately; they are deliberately targeting this industry because they know its operational continuity is critical and any disruption can cause a cascading effect through global supply chains."
Key findings included:
- The sector's pervasive pattern of security vulnerabilities has resulted in manufacturing remaining ransomware's number one target for the fourth year in a row, with the number of attacks increasing by nine percent over last year. A significant driver of this increase is the supply chain. New and smaller ransomware groups are targeting smaller organizations to gain a foothold in the larger manufacturing ecosystem. This strategy allows attackers to bypass the more robust defenses of large manufacturers by exploiting their less secure third-party suppliers.
- Among companies earning over $1 billion, manufacturing comprises a staggering 38.9 percent of ransomware victims. The trend continues for companies earning between $100 million and $300 million, as manufacturing accounts for 30 percent of ransomware victims.
- 75 percent of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher, and 65 percent have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog, meaning these weaknesses are already being exploited by threat actors.
- The number of companies with leaked credentials (15 percent in the last 90 days) and those with critical stealer logs findings further underscores the supply chain risk.
Black Kite also offers some mitigation steps for manufacturers to consider:
- Proactive Third-Party Cyber Risk Management. Attackers use suppliers as an on-ramp into the network. Manufacturers need a robust third-party cyber risk management (TPRM) program that goes beyond simple vendor questionnaires to identify, assess, monitor, and mitigate risks across the third-party ecosystem.
- Focus on Foundational Cyber Hygiene. Security leaders must prioritize patch management for critical vulnerabilities that are actively exploited in the wild, and extend this focus beyond their own network's hygiene to the entire supply chain.
- Ransomware Susceptibility is a Predictor. Black Kite's Ransomware Susceptibility Index (RSI™) is not just an indicator for an organization but is a powerful tool to assess third-party suppliers' likelihood of being a victim. Knowing which suppliers are at the highest risk enables proactive risk mitigation and prevents a production line disruption.
- The Threat Has Evolved, So Should Defenses. The ransomware landscape is more fragmented and unpredictable, with new groups emerging and using tactics like AI-assisted reconnaissance and double-targeting victims. Security teams need a dynamic, intelligence-led approach. Tools that combine supply chain monitoring with early warning signals are essential for staying ahead of evolving threats.
To read the report, click here.
