SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Industrial firms hit hardest by ransomware attacks
Malware Ransomware Manufacturing

Industrial firms hit hardest by ransomware attacks

Thu, 14th May 2026 (Today)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

Industrial organisations faced 2,073 ransomware attacks in the 12 months to March 2026, making the sector the most targeted industry over that period, according to NCC Group.

The figures show industrial organisations accounted for an average of 29.6% of all ransomware activity each month. NCC Group linked that level of activity to the exposure of operational technology environments, where cyber incidents can disrupt physical processes as well as digital systems.

Operational technology, or OT, covers systems that monitor, control and interact directly with industrial operations. These systems are widely used across manufacturing, engineering and infrastructure, including parts of the UK's critical national infrastructure.

The data also points to a concentration of attacks in capital goods businesses. Within that segment, organisations involved in machines, equipment and infrastructure recorded 1,192 attacks over the same period.

Machinery businesses saw 442 attacks, while construction and engineering companies recorded 394. The pattern suggests attackers are targeting sectors where disruption can halt production and affect supply chains.

Regulatory pressure

The warning comes as regulatory scrutiny of cyber risk in industrial environments increases. Requirements under the Network and Information Systems Regulations call on operators of essential services to put in place technical and organisational measures to manage cyber risk across both IT and OT systems.

The Cybersecurity Act and updated sector guidance have also raised expectations around OT governance, incident reporting, resilience and supply-chain security. That has increased pressure on organisations that have historically focused more heavily on information technology than on operational environments.

Convergence between IT and OT has become a central issue for industrial businesses. As companies connect production systems more closely with data management and wider corporate networks, the impact of cyber incidents can spread more quickly from office systems into plant and field operations.

Ray Robinson, OT Director at NCC Group, said many organisations still prioritise IT security while underestimating the exposure of their operational environments.

"Our data shows that many organisations continue to prioritise IT security while underestimating the exposure of their operational environments. When OT systems are disrupted, the impact goes far beyond data loss - production can halt, essential services can be disrupted, and in some cases, lives can be put at risk," he said.

The concern for industrial operators is not only commercial. OT attacks can create wider resilience issues where systems are tied to essential services, public infrastructure or safety-critical processes.

Compliance focus

Regulators are making clear that operational environments fall within the scope of cyber resilience obligations when they support essential services or public safety. That shifts OT security from a specialist technical issue to a board-level governance and compliance matter.

For many businesses, the challenge lies in bringing legacy industrial systems into modern cyber risk frameworks. OT estates often include older equipment and control systems designed for reliability and availability rather than defence against internet-linked threats.

That can leave operators balancing production continuity with the need to improve security controls, reporting processes and supply-chain oversight. It also means incidents in industrial settings can carry operational and safety implications beyond the direct financial cost of ransomware.

Katarina Sommer, Global Head of Government Affairs and Analyst Relations at NCC Group, said the regulatory position was becoming more explicit.

"Regulators are increasingly clear that OT environments fall within scope of cyber resilience obligations, particularly where systems support essential services or public safety. Organisations that focus compliance efforts solely on IT risk are exposing themselves to operational, regulatory and safety consequences, so it is key that organisations treat OT risks in the same way they approach IT security," she said.

Related stories
Ransomware attacks surge 50% as industrial firms hit hardest
Ransomware attacks near record as groups consolidate
AI drives ransomware surge, experts urge faster defence
UK firms urged to bolster cyber security after breaches
Attackers turn trusted tools into cyber weapon
Top stories
Versa adds cloud posture management to SASE platform
Versa study finds gap in network-security convergence
UK sets out cyber resilience Bill & digital ID plans
Interledger Foundation expands open payments teaching
Akamai to buy LayerX for USD $205 million in AI push