Why Manufacturers Must Balance Proactive Cybersecurity with Verified Recovery

2025 isn’t over yet, and it’s already been the biggest wake-up call to date for industrial organizations. Cybersecurity risks are increasing in both scale and sophistication, and manufacturing continues to be the main target.

Under more pressure than ever to protect their systems, many organizations are still acting on the assumption that proactive prevention will keep their operations safe and running. In reality, hackers can break through the first walls of defense and wreak operational havoc, as we recently saw with the Jaguar Land Rover incident in September. Prevention is only part of the equation, and relying on it entirely leaves you susceptible to widespread impact when an incident inevitably occurs.

Instead, security strategies that balance proactivity with reactivity will best equip manufacturers to handle attacks the rest of the year and into 2026.

 

Today’s growing threat landscape

Recent reports and attacks have provided a stark reality check on the industrial sector’s vulnerable state. Currently, the most common and disruptive threat to manufacturers is ransomware. According to Dragos’ Q2 analysis, nearly 1,400 ransomware incidents occurred against industrial entities in the first half of 2025, with the majority targeting the North America region.

A few of the attack victims this year include:

  • Jaguar Land Rover (JLR), which halted production soon after discovering the breach and spent over a month completing cyber forensic analysis, among other remediation measures, before bringing its systems back online. This extended downtime resulted in an estimated $68 million in losses per week, disruption for suppliers, and significant reputational damage for the company.
  • Unimicron Technology, one of the world’s top printed circuit board (PCB) manufacturers, which had its IT systems targeted in late January. Hackers threatened to leak stolen data unless their demanded ransom was paid, and Unimicron’s operations were temporarily halted as a result of the breach.
  • Data I/O, a chip programming solutions provider that was forced to shut down its systems for weeks this past August in the wake of a ransomware attack, impacting manufacturing, shipping, communications, and more.

Unexpected operational downtime as a result of a ransomware attack is a significant financial burden for manufacturers. On average, systems are shut down for 11.6 days, at a cost of $1.9 million per day. This amounted to more than $17 billion in total cost over the past seven years, excluding 2025 incidents.

If they aren’t already, alarm bells should be ringing for industrial organizations, who need to take these events and their devastating outcomes as a cue to act.

 

First, a necessary mindset shift

Many manufacturers still rely on prevention-first approaches to cybersecurity. Zero trust architectures (ZTA), monitoring systems (e.g. EDRs), multi-factor authentication (MFA), and encryption are common preventative measures. While each has its strengths, these practices won’t make an organization’s systems bulletproof.

The harsh truth is that as these detection and response systems have advanced, so have attack methods. Ransomware operators now have a toolbox of sophisticated techniques to evade modern security tactics. For example, PromptLock ransomware is an AI-powered variant that uses a large language model to quickly and repeatedly generate malicious scripts that bypass pattern-based detection.

With this added sophistication, any organization is now vulnerable, no matter its prevention strategy. Endpoint agents, the first line of defense, are typically the first to go down. And traditional fail-safes, including on-premises and cloud backups, are still susceptible to being targeted or encrypted.

 

Now, manufacturers must recognize that an attack is not a matter of if, but when – and determine if they are properly prepared.

 

What’s the key to resilience?

Prioritizing verified backup and rapid recovery is a crucial step in an effective cybersecurity strategy. Industrial organizations need to be able to identify risks in real-time, and in the event of an inevitable breach, restore operations safely and immediately to avoid the cascade of consequences from unplanned operational downtime.

With today’s advanced threat landscape that’s only growing more challenging to combat, doing so hinges on immutable recovery paths that can isolate critical systems and test patches in a controlled way before full deployment. AI has also become instrumental in automating vulnerability management and backups for instantaneous response and recovery times.

In an industry where every second lost is detrimental to safety, product quality, revenue, and brand trust, coupling strong controls with verified backup and recovery is the only way for organizations to be truly resilient. This year’s astronomical number of ransomware attacks, especially the JLR incident, should be taken as a sign by manufacturers to prepare now before it’s too late. Will you be ready when the day comes?

 
