Just released: How to raise venture capital in 2023


Ransomware Insights: Why Hackers Are Targeting Manufacturers


Key Takeaways

Matt McKenna Scale Underwriting
Matt McKenna

Underwriting Manager

None of us can deny that 2020 unleashed its unique fury upon us. Not only did our personal lives take a huge hit, but businesses worldwide suffered from an array of threats. Some industries hurt more than others. And unfortunately, there’s been a recent spike in ransomware attacks on manufacturers — but why? Here’s what we know about these attacks and how to protect your company against them. 

Understanding Ransomware 

Ransomware is a cybercrime that is as vicious as it sounds. Cybercriminals use malicious software to encrypt a target company’s files, making them inaccessible. Only by paying a ransom — usually in bitcoin — can the company regain access to their files. Sometimes, these ransoms can be astronomical amounts of money, ranging from hundreds to millions of dollars. 

You might also like: Rise of Ransomware: How to Protect Your Business

It’s no surprise that cybercriminals have all but perfected their attack methods. Phishing and social engineering remain the two most common ways to gain entry. Briefly, phishing is a malicious link in a seemingly innocent email from an outsider, while social engineering is similar, but the email appears to come from a trusted source. In either case, the receiver opens the email, clicks the link, and the cybercriminal gains entry.

Sadly, 13.9% of manufacturers reported that they experienced a ransomware attack in the past 12 months. These stark figures mean that the manufacturing industry is the second-most targeted market to date, with only the government sectors targeted more. It’s no surprise that attacks on manufacturers tripled in 2020.  

Why Threats Against Manufacturers Are Spiking 

Before we dive into the threat against manufacturers, let’s get some perspective by examining another genus for a moment. Some creatures in the animal kingdom are what we humans call opportunistic eaters. They’ll eat nearly anything that crosses their paths if they’re hungry, mainly preying on the perceived weaknesses of other animals. Lamentably, cybercriminals aren’t too far off from these hungry critters. 

Cybercriminals have identified what they consider to be weaknesses in the manufacturing industry. For example, many manufacturers’ industrial control systems have weak security, making it a bullseye. Also, manufacturers can’t afford downtime, or even a pause in production ransomware typically causes. So, cybercriminals know they’re getting paid after executing a ransomware attack.

In 2019, the ransom payments from the manufacturing industry totaled a whopping $6.9 million. These payments made up 62% of all ransomware payments that year, and 2020 has only gotten worse. But we can’t point the finger at these target companies. Not a single one invited any criminal into its system, no doubt. Perhaps a better idea would be to look at the situation from all angles, including from a cybercriminal’s perspective.

Lastly, we must remember that this “opportunistic” approach isn’t merely based on industry type. Cybercriminals have more than exploited the pandemic, attacking anything that even remotely appears to be vulnerable. So, let’s review some ideas that might help to slow down these attacks. 

Way to Slow Down the Attacks 

Naturally, the manufacturing industry isn’t the only one that cybercriminals are targeting. Several other sectors fall closely behind manufacturing as being highly targeted, including construction, healthcare, professional services, to name a few. So what are these industries doing to ward off attacks that manufacturers could adopt?

As a leading manufacturer, it is crucial to formulate a comprehensive plan that articulates optimal strategies for managing cybersecurity risks effectively. This proactive approach is instrumental in minimizing your company’s vulnerability to cyber threats, ultimately working towards reducing risk. Consider enhancing employee training in cybersecurity and fortifying your IT network security measures. Implementing these measures and exploring additional proactive steps can significantly mitigate the potential for a catastrophic cyber attack.

Also, you must know and make visible every asset in your company. Without this vital information, you could get lost in the supply chain or orchestrate operations with inaccurate data. Sure, manufacturers often rely on a complicated chain of suppliers, and it’s easy for one bit of data to blend into another. However, keeping track of your inventory and suppliers will add one more much-needed layer of protection against hackers. 

Risk Management Ideas to Consider

Every company, including manufacturers, should develop a risk management plan. This strategy typically involves strategic best practices, system and operational upkeep, and well-placed insurance policies. Aside from the foundational general liability policy, the following are a handful of the most popular coverage for manufacturers. For a more detailed review, please visit our Manufacturing page. 

Cyber Liability 

Cyber insurance protects companies from third-party lawsuits relating to electric activities (i.e., phishing scams). Plus, it offers many recovery benefits, supporting data restoration and reimbursement for income lost and payroll spent.

Errors & Omissions

Professional liability, also known as errors and omission (E&O) insurance, covers companies in third-party or client lawsuits claiming substandard work or service. Work errors or oversights, missed deadlines, budget overruns, etc., often result in costly cases — but E&O insurance responds to these mishaps.


Whether it’s a devastating fire, natural disaster, or burglary, property insurance responds. This policy reimburses companies for direct property losses, supporting recovery and momentum. 

Product Liability

Companies offering tangible products or services risk third-party lawsuits claiming bodily injury or property damage. Consider McDonald’s notorious “Hot Coffee” case in the 1990s, for example. No matter if the claims are grounded or not, this policy covers defense fees and settlements.

Understanding the details of what coverage your company needs can be a confusing process. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you. 

Want to know more about commercial insurance for manufacturing companies? Talk to us! Please contact us at info@foundershield.com or create an account here to get started on a quote.

Related Articles

fintech rules and regulations
April 11 • Risk Management

Fintech Rules: Regulations Finance Leaders Need to Know

Master the fintech rulebook! This post breaks down essential regulations finance leaders must understand to ensure their business operates compliantly in the ever-evolving fintech landscape.

cyber insurance pricing trends 2024
March 13 • Cyber Liability

Cyber Insurance Pricing Trends 2024

Uncertain about cyber insurance costs in 2024? Our article explores pricing trends, expert predictions on rate increases, and strategies to potentially reduce your cyber insurance premium.

cyber liability insurance premiums
March 4 • Cyber Liability

7 “Must Haves” For Cyber Liability Insurance in 2024

With cyber liability insurance premiums rising, business leaders must have the inside scoop to keep costs low. Our partners at Blacksmith InfoSec delve into those tips and tricks.

fintech legal risks
February 29 • Risk Management

7 Legal Issues Every Fintech Should Avoid (and How to Diffuse Them!)

With the emergence of new and disruptive technologies, it’s no surprise that fintech legal risks abound for this innovative industry. Let’s break down these threats and provide solutions that will keep pace with the market.

leverage business insurance
February 27 • Risk Management

How to Leverage Your Business Insurance — 5 Tips

When was the last time you considered how to leverage your business insurance? It’s more than a safety net. In fact, this approach can give you a unique edge. Here’s how.

saas cyberattacks
December 11 • Risk Management

How SaaS Companies Can Avoid New Cyberattacks in 2024

Avoiding SaaS cyberattacks means teaming innovative technologies (like AI) with traditional risk management (like education) to stay ahead of the curve. We can show you how.