By Ryan Windt | Head of Growth Marketing | Updated March 2026
Manufacturing has a target on its back.
According to Allianz, the manufacturing sector generated more cyber insurance claims than any other industry in 2025, representing 33% of total claims volume. Munich Re and Mandiant data identifies manufacturing as one of the three most exposed sectors globally, alongside government and technology. Resilience’s 2025 midyear report found that manufacturing ransomware incidents were generating average claim severity of over $1 million.
This is not a coincidence. It is the predictable result of an industry that has spent decades connecting operational technology to corporate networks without fully accounting for what that connectivity introduces. The machines that run your plant floor, the SCADA systems that manage your production lines, the PLCs controlling your equipment: these are now cyber targets, and the consequences of an attack go well beyond stolen data.
This guide breaks down why manufacturers are so heavily targeted, what a breach actually costs, what underwriters look for, and how to structure a cyber insurance program that reflects the way manufacturing businesses actually operate.
Why Manufacturing Is the Most Targeted Sector
The answer comes down to three factors that converge in manufacturing more than almost anywhere else.
Production downtime is immediately costly. When a ransomware attack shuts down a factory floor, the losses start accumulating by the hour. Idle equipment, idle workforce, missed delivery windows, contract penalties, and lost revenue can reach tens of thousands of dollars per hour for a mid-sized operation. Attackers know this. The pressure to restore operations quickly makes manufacturers more likely to pay ransoms and pay them fast.
Operational technology is difficult to patch and protect. OT environments were designed for reliability and longevity, not for the security requirements of a connected world. Many manufacturers are running equipment with embedded software that is years or decades old, cannot be easily updated, and was never designed to operate on a network that touches the internet. These systems create persistent vulnerabilities that traditional IT security controls cannot fully address.
Supply chain position amplifies the blast radius. Manufacturers sit in the middle of complex supply chains. A breach that disrupts your production can trigger downstream consequences for customers and upstream consequences for suppliers. That exposure cuts both ways: you can be harmed by a breach at a vendor, and your customers can pursue claims against you if your breach disrupts their operations.
What a Manufacturing Cyber Incident Actually Costs
The numbers from the manufacturing sector are among the most severe in cyber insurance claims data.
A ransomware attack against a mid-sized manufacturer looks something like this. Attackers gain access through a phishing email or an exposed remote access point. They spend days or weeks moving laterally through the network before deploying ransomware. When it detonates, it encrypts both IT systems (email, ERP, accounting) and OT systems (SCADA, PLCs, HMIs). Production stops. The ransom demand arrives.
The costs compound quickly:
- Incident response and forensics: $100,000 to $300,000, often more for complex OT environments where specialized expertise is required
- Production downtime: $10,000 to $100,000+ per hour depending on facility size and product margins
- Ransom payment (if made): average manufacturing ransoms in 2025 ran well into six figures, with large facilities seeing demands in the millions
- System restoration: rebuilding OT environments is slower and more expensive than IT restoration because specialized engineering knowledge is required and replacement parts or firmware updates may have lead times
- Customer claims: if your downtime caused missed deliveries or contract penalties for customers, they may pursue claims against you under your MSA or supply agreement
- Regulatory notifications: if you handle data subject to state privacy laws, ITAR, or other regulations, breach notification obligations add legal and compliance costs
Total exposure for a serious manufacturing incident routinely exceeds $1 million. For smaller job shops or fabricators with thinner margins, even a fraction of that can be existential.
The OT/IT Convergence Problem
This is the issue that makes manufacturing cyber risk genuinely different from most other sectors, and it is the issue that underwriters focus on most.
Operational technology and information technology were historically separate. The machines on your plant floor operated on isolated networks, or no network at all. That isolation was a form of security, even if it was never designed as such.
Over the past decade, that separation has dissolved. Manufacturers connected OT systems to corporate networks to enable real-time monitoring, remote management, predictive maintenance, and ERP integration. Those connections create efficiency. They also create pathways that attackers can use to move from a compromised email account to a production line.
The result is that many manufacturers now have environments where:
- Legacy PLCs and HMIs cannot run modern security software
- OT systems cannot be patched without taking production offline
- Remote access to plant floor systems exists for vendor support but is not consistently secured with MFA
- Network segmentation between IT and OT is incomplete or inconsistently enforced
- Backup systems cover IT data but not OT configurations, meaning recovery requires manual reconfiguration of industrial equipment
Underwriters know this. When a manufacturer applies for cyber insurance, the questions about OT environment, network segmentation, remote access controls, and backup coverage are not boilerplate. They are the questions that determine whether coverage is available, what it costs, and whether it includes or excludes OT-related losses.
Supply Chain Liability: The Coverage Gap Most Manufacturers Miss
Beyond the direct costs of a breach, manufacturers face a liability exposure that is easy to underestimate: what happens if your incident causes losses for your customers or suppliers?
If a ransomware attack prevents you from fulfilling orders, your customers may have contractual claims against you for missed deliveries, production delays, or downstream damages. If you are a Tier 1 or Tier 2 supplier to a larger manufacturer or defense contractor, those claims can be substantial.
Cyber insurance third-party liability coverage addresses this exposure, but manufacturers need to confirm that their policy:
- Covers contingent business interruption losses flowing from your incident to named customers
- Addresses contractual liability under supply agreements, not just tort claims
- Does not exclude OT-related incidents that trigger downstream customer losses
Similarly, if a breach originates at one of your vendors and propagates into your environment, your own policy needs to respond. Upstream supply chain incidents are a growing source of manufacturing losses and are not universally covered without specific policy language.
What Underwriters Look for in Manufacturing Applications
Underwriters approach manufacturing risks differently than they approach professional services or retail. The controls that matter most reflect the OT environment, the remote access footprint, and the supply chain dependencies that define the sector.
Network segmentation between IT and OT. This is the single most important control in a manufacturing environment. Underwriters want to see documented evidence that corporate IT networks and operational technology networks are separated, with controlled and monitored access points between them. Flat networks where a compromised laptop can reach a PLC are treated as high-risk.
Multi-factor authentication on all remote access. Remote desktop access, VPN connections, and vendor remote support sessions are the most common initial access vectors in manufacturing attacks. MFA on every remote access point, including third-party vendor access, is a baseline requirement for favorable terms.
OT-aware endpoint detection. Traditional EDR tools do not run on most OT systems. Underwriters increasingly want to see OT-specific monitoring solutions (such as Claroty, Dragos, or similar platforms) deployed in environments with significant IT/OT integration. At minimum, they want network-level visibility into OT traffic.
Backup coverage for OT configurations. Backups that cover IT data but not OT system configurations, PLC ladder logic, or HMI programs leave a critical gap. Recovering from a ransomware attack that encrypts OT systems without configuration backups can require weeks of manual engineering work. Underwriters ask specifically whether OT system configurations are backed up and how frequently.
Patch management process for IT systems. Because OT systems are often difficult or impossible to patch, underwriters focus heavily on whether IT systems, especially internet-facing ones, are kept current. Unpatched VPNs, remote access tools, and ERP systems are common entry points.
Incident response plan covering OT scenarios. A generic IT incident response plan is not sufficient. Underwriters want to see that the plan addresses OT-specific scenarios: what happens when production systems are encrypted, who has authority to take the plant floor offline, and how the organization coordinates between IT, OT engineering, and operations leadership during a response.
Third-party vendor access controls. Many manufacturers grant remote access to equipment vendors, maintenance contractors, and systems integrators. That access, if unmanaged, represents a significant attack surface. Underwriters look for documented vendor access policies, session logging, and ideally just-in-time access provisioning rather than persistent credentials.
Regulatory Considerations for Manufacturers
Depending on what you make and who you sell to, regulatory obligations may add another layer to your cyber risk profile.
Defense contractors and ITAR. If you manufacture for the Department of Defense or handle controlled technical data, CMMC 2.0 requirements are now active in DoD contracts and solicitations. Compliance gaps can affect both your contract eligibility and your cyber insurance terms. See SeedPod’s guide to cyber insurance for defense subcontractorsfor a full breakdown.
State privacy laws. If you collect personal data from employees, customers, or vendors, state privacy regulations may require breach notification and create liability for unauthorized disclosure. This is increasingly relevant as manufacturers collect more data through connected equipment and customer portals.
Industry-specific regulations. Food and beverage manufacturers may face FDA cybersecurity expectations for connected production systems. Pharmaceutical manufacturers face FDA 21 CFR Part 11 requirements. Automotive suppliers may face customer-mandated security standards. These obligations shape both your risk profile and your coverage needs.
What a Manufacturing Cyber Insurance Program Should Cover
A well-structured cyber policy for a manufacturer needs to address exposures that a generic commercial lines form may not anticipate. When evaluating coverage, look for:
First-party coverage with OT scope. The policy should explicitly cover losses arising from OT system failures caused by a cyber event, not just IT system losses. Some policies exclude OT-related business interruption or limit recovery costs to IT restoration. Read the definitions carefully.
Business interruption with a short waiting period. Manufacturing BI losses start accumulating immediately. A policy with a 24 or 48-hour waiting period before BI coverage triggers can leave significant losses uncovered. Look for waiting periods of 8 hours or less.
Extended restoration periods. Rebuilding an OT environment takes longer than restoring IT systems. Standard policies may assume a restoration period measured in days. Manufacturing recoveries often take weeks. Make sure the BI indemnification period is long enough to cover actual recovery time.
Third-party supply chain liability. Coverage for claims from customers whose operations were disrupted by your incident, and for losses you suffer from a vendor incident that propagates into your environment.
Contingent business interruption. If a key supplier suffers a cyber event that disrupts your production, contingent BI coverage responds to your losses. This is particularly relevant for manufacturers with concentrated supplier relationships.
Ransomware and extortion coverage. Explicit coverage for ransom payments, negotiation costs, and extortion response, with no exclusions that would void coverage based on the attacker’s identity or motivation.
No war exclusion overreach. Nation-state and hacktivist attacks against manufacturing targets are increasing. Make sure the war exclusion in your policy is narrowly drawn and does not create an opening to deny coverage for the kinds of attacks that are actually hitting the sector. See our guide on cyber insurance war exclusions for context.
Coverage limits sized for actual OT exposure. A $1 million policy limit that seemed adequate for a primarily IT-based business may be insufficient for a manufacturer where a single ransomware event can generate seven figures in production losses alone. Benchmark limits against your actual daily revenue, recovery timeline estimates, and supply chain liability exposure.
The Bottom Line
Manufacturing is the most targeted sector in cyber insurance claims data. The combination of OT environments, remote access dependencies, supply chain position, and production downtime sensitivity creates a risk profile that is both severe and, in many cases, underinsured.
The good news is that strong controls still matter. Manufacturers that can document network segmentation, MFA on remote access, OT monitoring, and a tested incident response plan consistently get better terms, broader coverage, and lower premiums than those that cannot.
At SeedPod Cyber, we underwrite directly with carriers, which means we can translate your actual security posture into carrier-friendly evidence, identify the markets that are most receptive to manufacturing risks, and structure coverage that reflects how your operation actually runs rather than fitting you into a generic commercial form.
If you are a manufacturer, a broker with manufacturing clients, or an MSP serving the industrial sector and want to understand where your current program has gaps, we would welcome the conversation. Contact us today.