The typical cybersecurity firm releases reports. Here is one from a company called Resiliance. The unique take on this concerns linking cybersecurity technology to insurance risk. I’ve talked with people from various standards committees who believe a combination of insurance risks plus board-level concern with those insurance risks will drive management to pay more attention to the situation.
So consider this report as part of a larger management strategy.
Proprietary claims data reveal the simple practices manufacturing cybersecurity leaders should implement to limit financial risk
The best responses to change and management are the search for the simplest. Not too simple, but definitely trying to defeat overly complex processes.
Manufacturing is currently the single most targeted industry for cyberattacks. Given their critical role in the modern interconnected economy and low tolerance for downtime, manufacturers have become a prime target for threat actors looking for bigger payouts. On April 28, 2026, Resilience released The State of Cybersecurity in Manufacturing to identify the key drivers of financial losses based on real claims data and security practices that deliver measurable reductions in financial risk across its manufacturing portfolio. The report offers manufacturing security leaders, risk managers, and brokers clear, evidence-based solutions grounded in real claims.
Key findings from Resilience’s manufacturing claims data include:
- Over 90% of total incurred losses in Resilience’s manufacturing portfolio were attributable to ransomware, despite ransomware making up only 12% of claim volume among manufacturers. This shows that when attacks do happen, the losses are severe.
- Phishing and transfer fraud accounted for 30% of manufacturing claims, showing that human error is still one of the leading causes of cyber disruption.
- About 26% of all portfolio losses came from an MFA misconfiguration as the point of failure. The single most expensive event in Resilience’s manufacturing portfolio, attributed to BlackCat, was enabled by misconfigured MFA.
- Wrongful data collection caused 12% of claims, driven primarily by website tracking and pixel-related litigation, rather than operational data collection from connected manufacturing systems.
- There are five specific, implementable security controls that manufacturers can undertake to meaningfully address material risk and harden their defenses against cyber threats.
Importantly, Resilience’s new data illustrates that the controls security leaders should implement aren’t complicated. Simple adjustments are all that’s needed to strengthen their posture against cyber risk.
What security controls deliver the highest ROI for manufacturing organizations? Based on Resilience’s analysis of manufacturing insurance claims data and financial risk modeling, five controls consistently delivered the most significant identified impact on financial exposure:
- Auditing and validating MFA deployment supports consistent enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.
- Strengthening vulnerability management for external-facing systems hardens organizations from software vulnerability exploited directly linked to expensive ransomware outcomes.
- Implementing procedural controls for financial transfers can protect against phishing and transfer fraud attacks that represent the most frequent claim activity in the portfolio. This is a strategic cost-saving practice, as the average transfer fraud event costs roughly ten times more than the average email compromise.
- Extending security requirements to vendors and supply chain partners is designed to help insulate manufacturers from a distinct cause of loss in the claims data. Manufacturers should extend their security requirements to critical vendors, including contractual MFA and patching requirements, continuous monitoring of vendor risk posture, and contingency plans for disruptions to critical suppliers.
- Cyber risk quantification and transfer support the translation of cybersecurity risk into financial language that resonates with CFOs and boards to assist in securing adequate investment. Resilience’s claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings are intended to inform specific control investments and insurance coverage decisions.
