Survey: Companies in manufacturing/production less likely to pay ransoms

Of all the industries pummeled by ransomware this past year, manufacturing and production are among the toughest when it comes to ransom payments and data retrieval.

That’s according to Sophos’ most recent report, The State of Ransomware in Manufacturing and Production 2021.

The report is based on the findings from an independent survey of 5,400 IT decision makers, including 438 in the manufacturing and production sector, conducted at the start of 2021. As it turns out, companies in this sector are least likely to submit to a ransom demand and most likely to restore encrypted data from backups.

Among the survey findings:

  • Just 19% of organizations whose data was encrypted paid attackers to decrypt their files, compared to a global average of 32%. 
  • 36% of respondents were hit with ransomware last year -- in line with the global average of 37%.
  • 68% of those whose data was encrypted restored it using backups, a rate considerably above the global average (57%).
  • 9% of ransomware victims suffered extortion-based attacks. This rate of extortion is higher than the global average of 7% and may also be linked to the high use of backups, which forces adversaries to find other ways to make money from victims.

“Backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense,” said Chester Wisniewski, principal research scientist at Sophos. “Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize [the threat].”

According to the report, the overall cost for organizations to recover from an attack last year was $1.52 million.

That’s certainly a lot of money, but less than the global average of $1.85 million.

While manufacturing and production companies are coming out ahead in these areas, respondents fully expect future attacks. Of those not hit by ransomware last year, 77% expect to be hit in the future.

Meanwhile, 2020 was brutal overall for IT teams in this sector. Like many others, they were forced to deal with the COVID-19 pandemic. During that period:

  • Just 7% experienced a drop in their cyber workload vs. a global average of 13%.
  • This industry also had the fewest respondents who saw improved response time to IT cases (15% vs. a global average of 20%).
  • The silver lining: cyber skills also increased, with 71% of respondents saying their team’s ability to further develop cybersecurity knowledge and skills increased.


To reduce the threat, Sophos recommends that organizations:

  • Ensure they have robust ransomware and malware protection in place.
  • Remain vigilant about emerging vulnerabilities on Internet-facing software products they operate on their networks.
  • Shift some products to vendor-hosted software-as-a-service, which can mitigate some of these risks, as vendors typically patch vulnerabilities in their own deployments of software faster than they can be deployed by on-premises customers.
  • Fully deploy malware protection on servers and endpoint devices.
  • Monitor products to catch attacks that trigger detections or alerts before an attacker with administrative access can defeat protections.
  • Have effective data backup practices and business continuity plans, regardless of their size, to ensure that they can survive attacks.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.
