Dive Brief:
- The manufacturing sector represented 27.7% of all cyberattacks in 2025 — the highest percentage of all industries covered in the report, according to IBM X-Force’s latest report,
- Exploitation of public-facing applications was the most common way that attackers breached manufacturing systems, accounting for 32% of all observed cases. Sixteen percent used valid accounts, and 11% used external remote services, reflecting attackers' reliance on “exploiting misconfigured or insufficiently secured access points.”
- As in previous years, the Asia-Pacific region saw the most manufacturing-related incidents, accounting for 68% of attacks. North America followed at 23%, along with Europe at 5% and Latin America at 2%.
Dive Insight:
Last year saw a “surge in broad‑based exploitations of exposed systems, weaknesses in software supply chains and growing systemic dependencies across cloud and application ecosystems” in multiple industries, but especially manufacturing and finance/insurance, IBM’s X-Force said in its report.
In particular, the report highlighted a growing number of complex software vulnerabilities and increasing adoption of chatbots and other artificial intelligence platforms, all of which gave attackers a wider array of targets.
The prevalence of cyberattacks in manufacturing underscores the sector’s “critical role in global supply chains and the high value of operational and intellectual property data,” the report said. It added that these factors, along with complex operational technology environments, continue to make manufacturing an attractive target for attackers in 2026.
Once attackers managed to penetrate manufacturing systems, they often tried to take control, compromise systems and/or steal valuable data. Most commonly, they inserted malware focused on disrupting operations or engaging in financial extortion, accounting for 45% of observed attacks.
Almost a third of attackers used compromised credentials to access administrative or information technology tools like remote management utilities, scripting tools, built-in operating system functions and commercial IT software. “Threat actors prefer these because they help them blend into normal [business] activities, and their behaviors do not trigger alarms the way malware often does,” said Ryan Anschutz, North American incident response lead at IBM X-Force, in an email.
According to X-Force, cyberattacks harmed manufacturers in several ways. Forty percent of attacks involved data theft that targeted financial assets and intellectual property such as trade secrets.
Cyberattacks also damaged brand reputations in 20% of cases, which “underscored the broader business and social consequences of cyber incidents,” the report said. In addition, 10% of attackers harvested credentials to allow future access.
“Overall, 2025 highlighted a clear message: Identity protection, secure configuration and visibility across applications, development pipelines and cloud environments are increasingly central to cyber resilience,” the report said.
X-Force said it pulled data from incident response and penetration tests, the dark web and other threat intelligence sources for its report.
