Kaspersky in collaboration with VDC Research announced that in the first three quarters of 2025 ransomware attacks on manufacturing organizations could have generated over $18 billion in losses.
This figure reflects just the direct cost of an idle workforce during downtime, with overall operational and financial impacts far exceeding this amount. Estimations were made across APAC, Europe, the Middle East, Africa, CIS and LATAM based on the share of manufacturing organizations where ransomware attempts were detected and prevented, the total number of manufacturing organizations in each region, average downtime hours after real attacks, average number of employees per organization and average hourly pay.
According to Kaspersky Security Network from January to September 2025, the Middle East (7%) and Latin America (6.5%) led the regional rankings in terms of ransomware detections in manufacturing organizations. APAC (6.3%), Africa (5.8%), CIS (5.2%) and Europe (3.8%) followed. All of these attacks were blocked by Kaspersky solutions. The estimation of potential losses (below) shows the financial impact if these attacks succeeded.
When ransomware hits, production lines halt, triggering immediate revenue losses from an idle workforce and longer-term shortfalls from reduced output. The average attack lasts 13 days (based on Kaspersky Incident Response Report). As a result, idle labor costs from ransomware in the first three quarters of 2025 could have reached:
- $11.5 billion in APAC
- $4.4 billion in Europe
- $711 million in LATAM
- $685 million in the Middle East
- $507 million in CIS
- $446 million in Africa
Actual business losses could have been significantly higher when factoring in supply-chain disruptions, reputational damage, and recovery expenses.
“Our research provides an estimation of the financial impact that ransomware may have had on manufacturing worldwide. The growing complexity of manufacturing environments, along with widening expertise gaps and ongoing labor challenges, makes it difficult for most organizations to manage cybersecurity effectively, but failure to do so may result in financial losses – followed by reputational blows as well. Partnering with proven cybersecurity vendors is paramount for effective IT, OT and IIoT protection,” comments Jared Weiner,Research Director, Industrial Automation & Sensors at VDC Research.
“No region is exempt from ransomware – whether it’s the Middle East, LATAM, APAC, CIS, Africa or Europe, every manufacturing hub is constantly being targeted. Mid-tier manufacturers that could have been overlooked by threat actors in the past are also among the targets because their security budgets are smaller and their supply chain disruption effects can be larger than most realize. The manufacturing sector and all other organizations need reliable, proven defense systems and continuous user education,” comments Dmitry Galov, Head of Research Center for Russia and CIS at Kaspersky's GReAT.
More information about ransomware in different regions is available in Kaspersky’s 2025 State of Ransomware Report.
Kaspersky encourages organizations to follow these best practices to safeguard from ransomware:
- Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
- For comprehensive protection of industrial and critical sectors, Kaspersky offers a distinctive ecosystem that seamlessly integrates dedicated OT-grade technologies, expert knowledge and invaluable expertise. At the core of this ecosystem is Kaspersky Industrial CyberSecurity (KICS), a native Extended Detection and Response (XDR) platform designed for critical infrastructure protection. It provides robust network traffic analysis, along with endpoint protection, detection and response capabilities. This comprehensive solution integrates traditional IT security measures with purpose-built industrial security technologies, ensuring that your company is well-equipped to face any threat.
- Companies from non-industrial sector can protect themselves by installing anti-APT and EDR solutions that enable capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Organizations can also provide their SOC teams with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Next.
- CISO's from Pharmaceuticals, Chemicals and Petrochemicals, Automotive, Electronics and Semiconductors, Food and Beverage industries could use the Kaspersky OT Cybersecurity Savings Calculator to estimate potential breach costs, quantify downtime and other expenses, and build a compelling business case for targeted OT security investments specifically designed for manufacturing environments. Explore it here: Kaspersky OT Cybersecurity Savings Calculator.
About VDC Research
Founded in 1971, VDC Research provides in depth insights to technology vendors, end users, and investors across the globe. As a market research and consulting firm, VDC’s coverage of AutoID, enterprise mobility, industrial automation, and IoT and embedded technologies helps our clients make critical decisions with confidence. Offering syndicated reports and custom consultation, our methodologies consistently provide accurate forecasts and unmatched thought leadership for deeply technical markets. Located in Southborough, Massachusetts, VDC prides itself on its close personal relationships with clients, delivering an attention to detail and a unique perspective that is second to none.
