Manufacturing was the industry most targeted by hackers during 2021, accounting for 23.2% of incidents, according to IBM Security X-Force research. The sector edged out insurance and financial services by a slim margin.

IBM reported hackers are pressuring manufacturers into paying ransoms by leveraging the downstream impact that occurs when production is disrupted. However, the industry can do more to protect itself as the research found 47% of attacks were caused by system vulnerabilities that either were not yet or couldn’t be patched.

“Cybercriminals usually chase the money. Now with ransomware, they are chasing leverage,” Charles Henderson, head of IBM X-Force, said in a statement. “Businesses should recognize that vulnerabilities are holding them in a deadlock — as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero-trust strategy.”

Finance and insurance organizations were the most targeted for a long period, according to IBM, and were the second most attacked during 2021, accounting for 22.4% of incidents. Breaking it down further, attacks on banks comprised 70% of the sector’s incidents, while insurance companies accounted for just 16%. Other financial organizations saw the remainder.

North American insurers and financial service providers saw a modest share (9%) of the sector’s global attacks though, as most were concentrated in Asia (34%) and the Middle East and Africa (29%). Europe saw 19%, while Latin America accounted for 9%.

The season for ransomware

As has been the case for the past three years, ransomware was the top attack type, accounting for 21% of incidents remediated by IBM X-Force.

The research discovered ransomware attacks tend to pick up in frequency during May and June. Incidents typically decline in late summer and early fall and decline sharply again in January, according to IBM.

Additionally, “triple extortion” is an emerging ransomware trend that should cause worry. In these attacks, hackers encrypt and steal data as well as threaten to deploy a distributed denial-of-service attack against the company. This means the organization is “held hostage with two kinds of malicious attacks — often simultaneously — and are then further victimized by the theft (and often leak) of data,” according to the report.

Further, ransomware gangs are also starting to extend their primary victim’s business partners in an effort to pressure them into paying a ransom to prevent their own data leak or business disruption caused by the initial ransomware attack.

This article was written by Steve Hallo with NU Property Casualty 360. To learn more, visit: