Orange Cyberdefense has identified manufacturing as the worst-hit sector for cyber extortion, with 1,228 confirmed victims recorded between October 2024 and September 2025.
The figure is more than four times the cross-industry average of 292 victims and represents a 32% year-on-year increase. Manufacturing’s exposure reflects the combination of high operational pressure, expanding digital connectivity, and production environments where downtime can quickly escalate commercial losses.
Internal activity remains a major source of risk. Orange Cyberdefense found that 68% of incidents originated from inside manufacturing organisations, with employee misuse accounting for 65% of identified threat actions. That misuse is often non-malicious, involving shadow IT, software workarounds, or inappropriate access practices that create openings for attackers.
End-user devices were involved in around 73% of incidents, making mobiles and laptops a significant exposure point. In manufacturing environments, those devices often connect office systems, remote access tools, maintenance activity, and operational networks, increasing the difficulty of maintaining consistent security controls.
Dr Ric Derbyshire, Principal Security Researcher, Orange Cyberdefense, said: “The digital transformation of the manufacturing industry has widened attack surfaces significantly, thanks to IT / OT convergence. In many cases, IT systems remain the primary target of attacks, but since these systems are more integrated with the production line, OT often gets caught in the blast radius and the fallout can cause disruption on a vast scale.”
Recovery also takes longer in manufacturing than it does across the broader economy. Orange Cyberdefense reported a mean time to resolve of 45 hours for confirmed manufacturing incidents, compared with a cross-industry average of 40 hours.
Plant environments complicate incident response because physical safety, process integrity, equipment state, and restart procedures have to be considered alongside IT recovery. The full Security Navigator 2026 report is available from Orange Cyberdefense.
