Europe’s manufacturing sector is under siege. A new report from KnowBe4, released this week, lays bare the growing cyber vulnerabilities facing the continent’s increasingly digitalised production lines.
Titled Securing Manufacturing’s Digital Future, the report paints a stark picture: as factories adopt smarter, more connected systems, they are becoming prime targets for ransomware gangs and social engineering attacks.
Digital progress has its price
Manufacturers are pouring investment into automation and smart infrastructure. But the result is a sprawling attack surface, one that blends IT and operational technology, and opens the door to exploitation.
“Every minute of disruption costs money,” the report states. “And when production stops, supply chains feel it fast.”
Ransomware is the weapon of choice
For the fourth year running, manufacturing remains the most targeted industry for cyberattacks. The European Union Agency for Cybersecurity (ENISA) confirms that ransomware was the top threat to the sector from 2023 through 2024.
The 2025 Verizon Data Breach Investigations Report backs this up: ransomware was behind 47% of all manufacturing breaches last year.
LockBit. PlayCrypt. 8Base. These are just a few of the groups taking aim at Europe’s factories.
The reason? Downtime. Unlike other sectors, manufacturers can’t afford it. One hour of halted operations can send shockwaves through logistics, supply chains, and customer commitments.
Humans remain the easiest entry point
The report doesn’t blame systems alone. People, it says, remain the easiest entry point.
Social engineering (phishing emails, spoofed identities, manipulated trust) accounted for 22% of breaches in manufacturing last year.
“With so much focus placed on physical safety and production line reliability, cyberthreats can sometimes fall under the radar,” said Javvad Malik, lead security awareness advocate at KnowBe4.
“But many of today’s most devastating breaches do not start with a technical flaw. They start with a human mistake.”
Malik points to common missteps: weak passwords, ignored protocols, missed warning signs.
“Attackers exploit people because people are predictable,” he said. “To build resilience, you have to train the workforce. Teach them how to spot trouble before it spreads.”
The numbers tell the story
KnowBe4’s report highlights sharp increases across the board:
- Confirmed data breaches in manufacturing rose by 89.2% between 2023 and 2024
- Nearly half (47%) of all manufacturing breaches in 2024 involved ransomware
- 22% of successful attacks stemmed from social engineering tactics
European manufacturers, in particular, are being singled out by high-profile ransomware operators. The attacks are frequent. And the payloads are eye-watering.
Training works, if done right
There’s good news too. When security awareness training is done well, it pays off.
Over a 12-month period, organisations that adopted consistent cyber training saw phishing susceptibility drop from 31.8% to just 3.6%. That’s a reduction of 89%.
The lesson? Human error can be fixed, but only with effort.
“Manufacturers that fail to act now risk not just data loss, but systemic disruption across operations, supply chains, and even national infrastructure,” Malik warned.
As the sector digitises, the stakes rise. Security cannot remain an afterthought. From the shop floor to the boardroom, cyber awareness must be part of the culture.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.