While overall costs of cybersecurity breaches fell in 2024, that’s not true in manufacturing, where the cost of an average hack soared 17.5% from $4.73 million to $5.556 million. The $830K jump is the priciest of any industry.
The study examined IBM’s Cost of a Data Breach research, grouping breach targets by year and industry, to find that many industries once considered low-priority for hackers saw their costs increase. Among the worst hit? With manufacturing and retail, technology companies also saw their breach costs soar more than 17% year over year.
Why Manufacturing?
With this year’s increase in costs per hack, industrial organizations in manufacturing or chemical processing and engineering now see the average hack price tag 10.5% above the all-industry average. Because they were previously perceived to have a low vulnerability to hacks, many manufacturers still go without robust proactive cybersecurity protection. The result is that new hacking events, even when relatively small, can snowball into major incidents.
A minor breach can quickly escalate into a catastrophic event if left unchecked. Breaches have resulted in settlements ranging from $30 to $50 million, with customer data exposure affecting anywhere from nine to over 300 million records. Companies that fail to invest in robust cybersecurity platforms risk prolonged recovery periods, severe financial penalties, and the erosion of customer trust. These costs that far exceed the price of proactive defense.
Manufacturing is especially challenged by factors that may lead to increased costs. It has high operational disruption risks, complex interconnected environments, and an increasing reliance on digitization technology, from automation and robotics to networked IoT devices. Uncoincidentally, the industry is also seeing increasing attacks by sophisticated threats, from ransomware to supply chain attacks and zero-days.
When production lines can be halted or held hostage, threat actors find value in the attack. Manufacturing can yield an attractive bounty in the form of intellectual property, and design or trade secrets. As rapidly digitizing manufacturers continue to scale and diversify their ecosystems, they may be seeing that breaches are increasingly likely to impact large-scale operations and systems in ways that are expensive to fix.
The Changing Face of Breach Costs Across Industries
As some fields reduce their overall costs, attackers turn to less prepared industries, like manufacturing, along with retail and technology. These bastions of consumer data haven’t found themselves as heavily targeted in the past, but they have also accelerated their digital transformation in recent years with new remote work infrastructures, cloud adoption, digital collaboration, client portals, digital payment systems, and even virtual betting apps and online gambling platforms.
In manufacturing, increasingly interlinked companies, along with their vendors and contractors, are beginning to see that cyberattacks on one supplier can have cascading consequences on entire ecosystems, and that attackers who enter one part of their ecosystem can create large-scale impacts across systems. The future isn’t about undoing increased connectivity. It’s about digitizing with smarter security that thwarts attacks before they turn into big costs.
The study demonstrates that even well-known targets can significantly decrease their exposure.
Today, sectors like healthcare, with breach costs down 10.6% year over year, likely find that heavy regulation and proactive security have helped manage the fallout of breaches. With compliance pressure comes the need to implement strong cybersecurity defenses or face fines, and proactive security means breaches get caught in real time, before they can spread, along with costs and damages.
For manufacturing, a similar one-two punch can cap rising costs and reverse the trend. With regulation has come accountability: but all organizations can embrace regular security audits and testing, as well as improve incident response planning. And as breach costs rise, security investment is naturally incentivized; teams that identify breaches as they’re happening are positioned to head off high-ticket damages.
The next phase of cybersecurity will likely be defined not just in how well companies can prevent breaches from happening, but in how they minimize their financial and operational impact.