Cyber-security firms Kaspersky and VDC Research have estimated that global manufacturing organisations could incur losses exceeding US$18 billion in the first three quarters of 2025 due to ransomware attacks disabling production-line operations. According to their joint analysis, based on data from the Kaspersky Security Network, the average incident leads to around 13 days of operational disruption, with labour costs alone accounting for billions of dollars.

The losses were calculated by modelling the number of manufacturing organisations that experienced detected and prevented ransomware attempts, average downtime hours per attack, number of employees affected and average hourly labour cost. The study covers regions including Asia-Pacific, Europe, the Middle East, Africa, the Commonwealth of Independent States and Latin America. APAC accounts for the bulk of the exposure, with an estimated idle-labour cost of US$11.5 billion, followed by Europe at US$4.4 billion. LATAM is estimated at US$711 million, the Middle East at US$685 million, CIS at US$507 million and Africa at US$446 million. All these losses reflect only the direct cost of idle labour; additional impacts from supply-chain disruption, reputational damage and remediation are likely to raise the actual total.

The data from the Kaspersky Security Network reveal that the highest proportion of manufacturing organisations encountering ransomware detections are in the Middle East and Latin America. APAC exhibits a rate of 6.3 %, Africa 5.8 %, CIS 5.2 % and Europe 3.8 %. Kaspersky's own solutions reportedly blocked these threats before full breach, but the modelling scenario assumes a worst-case impact if they had been successful. The findings underscore the fact that ransomware threats are not confined to high-profile targets; mid-tier manufacturers with smaller security budgets are increasingly at risk.

Industry observers note the convergence of IT, operational technology and industrial Internet of Things systems within manufacturing environments has heightened vulnerability. As automation proliferates and supply-chain interconnectivity deepens, disruption to one production line can cascade across global networks. Jared Weiner, Research Director for Industrial Automation & Sensors at VDC Research, said the growing complexity of manufacturing platforms and widening skills gaps make it difficult for many organisations to maintain robust cybersecurity. Dmitry Galov, head of the GReAT research centre at Kaspersky, added that no region is exempt from ransomware risk and that smaller manufacturers may face outsized disruption due to less resilience.

The report also highlights that the average duration of a ransomware‐induced operational disruption is 13 days, a period over which production may stall, orders cannot be fulfilled and downstream partners may be impacted. The referenced modelling assumes that the workforce remains idle for the full duration, representing a conservative estimate of true economic impact. The broader losses could balloon when considering equipment damage, customer churn, regulatory pressure and brand erosion.

Key trends emerging from the study point to a shift in ransomware behaviour. Attackers are targeting manufacturing ecosystems via supply-chain access, exploiting legacy OT systems and leveraging downtime costs as pressure for payment. Rather than mass indiscriminate campaigns, threat actors are increasingly applying“big game hunting” strategies focused on industrial sectors whose operations are inherently time-sensitive. In parallel, cybersecurity vendors report that threat actors are beginning to exploit artificial-intelligence tools to automate reconnaissance and accelerate lateral movement in OT networks.

Notice an issue? Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

MENAFN25112025000152002308ID1110396527