If there is one place where the digital and physical worlds collide with real consequences, it is manufacturing. In 2025, that collision turned into a full-blown crisis.
Cyberattacks on the manufacturing sector surged dramatically, with ransomware incidents alone jumping 56 percent in a single year. Out of 7,419 global ransomware cases, nearly half targeted manufacturing, making it the single most attacked industry in the world.
But beyond the global numbers lies a story that hits closer to home. India has quietly become one of the most impacted nations in this unfolding crisis. In fact, it emerged as the ransomware epicentre of the Asia Pacific region in 2025, with 65 percent of affected companies choosing to pay up. The average payout stood at a steep 1.35 million dollars, a reflection of how costly downtime can be for industries that run on tight schedules and even tighter margins.
What makes manufacturing such an attractive target is simple. When a factory stops, everything stops. Production halts, supply chains freeze, and losses begin to mount by the minute. Attackers understand this urgency and exploit it ruthlessly.
In India, the impact has gone far beyond isolated incidents. Attacks have disrupted sectors ranging from textiles to engineering and even extended into critical infrastructure like energy and railways. In one instance, ransomware wiped servers and databases across essential systems, sending shockwaves across interconnected industries.
Globally, the pattern is similar. Countries like the United States, Germany and the United Kingdom continue to face heavy targeting, but India's rapid industrial growth and digital adoption have made it especially vulnerable. Many organisations still rely on legacy operational technology systems, which were never designed with cybersecurity in mind. Add to this the growing complexity of supply chains, and the risk multiplies.
Then there is the human factor. Nearly a quarter of attacks still begin with something as simple as a phishing email. But these are no longer easy to spot. With artificial intelligence now in the mix, phishing messages have become sharper, more personalised and far more convincing. Even experienced professionals are finding it harder to tell what is real and what is not.
Meanwhile, cybercrime itself has become more organised. Groups like Akira and Qilin operate like businesses, offering ransomware as a service and scaling attacks across geographies. Akira alone is believed to have generated around 244 million dollars by late 2025.
Supply chains have emerged as another weak link. Attacks in this space nearly doubled in a year, as hackers realised that breaching a single vendor can open doors to multiple companies. For a country like India, deeply integrated into global manufacturing networks, this creates a ripple effect that can travel far beyond one organisation.
Looking ahead, the challenge is only going to intensify. In 2026, cyberattacks are expected to become faster, smarter and more targeted. There is already a noticeable shift from locking systems to stealing data and threatening to leak it. It is quicker, more efficient and often more damaging.
So where does that leave manufacturers?
It means cybersecurity can no longer sit in the background as a technical function. It has to move to the centre of business strategy. From adopting zero trust frameworks to strengthening supply chain oversight and investing in employee awareness, the need of the hour is proactive defence.
For India, this moment is both a warning and an opportunity. As the country continues its journey to become a global manufacturing powerhouse, building cyber resilience will be just as important as building physical infrastructure.
Because in today's world, the strength of a factory is no longer measured only by its machines, but also by how well it can defend them.
India's manufacturing sector ranked second globally in cyberattacks in 2025, with industrial credentials selling for up to $70,000 on dark web markets. The vulnerability is structural: fragmented identity systems, overprivileged access, and OT environments running without multi-factor authentication give ransomware groups a direct path in. Manufacturers need passwordless authentication, continuous verification, and least-privilege access enforced across IT and OT. Identity is infrastructure now, and unprotected credentials remain the weakest link across India's industrial supply chains.
Siddharth Gandhi COO – Asia Pacific, 1Kosmos
