Kaspersky and VDC Research Warn of $18B Ransomware Risk to Global Manufacturing in 2025
Kaspersky, in partnership with VDC Research, has revealed that ransomware attacks targeting manufacturing organizations during the first three quarters of 2025 could have resulted in more than $18 billion in losses worldwide. The estimate represents only the direct cost tied to idle labor during production downtime, with total operational and financial damages likely far exceeding this figure when factoring in disruptions across supply chains, reputational harm, and recovery expenses.
The analysis covers APAC, Europe, the Middle East, Africa, CIS, and Latin America, drawing on ransomware detection data, the number of manufacturing organizations per region, average downtime hours following real attacks, and average workforce size and hourly compensation. All recorded ransomware attempts were successfully blocked by Kaspersky solutions, offering a view into the potential scale of damage had these attacks succeeded.
Between January and September 2025, the Middle East (7%) and Latin America (6.5%) recorded the highest share of ransomware detections within manufacturing, according to Kaspersky Security Network data. APAC (6.3%), Africa (5.8%), CIS (5.2%), and Europe (3.8%) followed.
If the blocked attacks had been successful, idle workforce losses during the average 13-day downtime associated with ransomware incidents (according to the Kaspersky Incident Response Report) could have reached:
$11.5 billion in APAC
$4.4 billion in Europe
$711 million in Latin America
$685 million in the Middle East
$507 million in CIS
$446 million in Africa
The findings underline the severe financial consequences manufacturing companies face when production lines are halted, with both immediate revenue losses and longer-term impacts from reduced output.
Jared Weiner, Research Director of Industrial Automation & Sensors at VDC Research, said:
«Our research provides an estimation of the financial impact ransomware may have had on manufacturing worldwide. The increasing complexity of manufacturing environments, along with widening expertise gaps and ongoing labor challenges, makes cybersecurity management difficult for many organizations. Failure to address these issues can lead to significant financial losses followed by reputational damage. Partnering with proven cybersecurity vendors is essential for effective IT, OT, and IIoT protection.»
Dmitry Galov, Head of the Research Center for Russia and CIS at Kaspersky’s GReAT, commented:
«No region is exempt from ransomware. Whether in the Middle East, LATAM, APAC, CIS, Africa, or Europe, manufacturing hubs are consistently targeted. Mid-tier manufacturers, once overlooked, are now increasingly vulnerable due to smaller security budgets and the potential for large-scale supply chain disruption. The sector urgently needs reliable, proven defense solutions and continuous user education.»
The full regional breakdown and further insights are available in Kaspersky’s 2025 State of Ransomware Report.
Kaspersky recommends that organizations enhance their defenses by enabling ransomware protection across all endpoints, deploying specialized OT-grade cybersecurity systems such as Kaspersky Industrial CyberSecurity (KICS), and equipping SOC teams with advanced anti-APT and EDR tools, threat intelligence, and regular training. These capabilities are offered within the Kaspersky Next Expert ecosystem.