78% of Companies Targeted With Ransomware; Manufacturing Hit Hardest – tech.co

78% of Companies Targeted With Ransomware; Manufacturing Hit Hardest – tech.co

 

Report on Global Ransomware Attacks and Their Impact on Sustainable Development Goals

Executive Summary

A 2025 study by Semperis reveals a critical threat to global economic and social stability, with 78% of organizations surveyed experiencing a ransomware attack in the past year. These cyberattacks represent a significant impediment to achieving multiple Sustainable Development Goals (SDGs), particularly those related to economic growth, infrastructure, and strong institutions. The findings underscore the urgent need for enhanced cybersecurity measures as a prerequisite for sustainable development.

Widespread Economic Disruption and a Threat to SDG 8

The prevalence of ransomware attacks directly undermines SDG 8: Decent Work and Economic Growth. The financial and operational disruption caused by these incidents diverts resources from productive investments and job creation.

  • Attack Frequency: 78% of 1,500 surveyed IT and security professionals reported their organization was targeted by ransomware in the last 12 months.
  • Financial Capitulation: In 69% of successful attacks, organizations paid the ransom, channeling funds to criminal enterprises and away from legitimate economic activity.
  • Operational Downtime: In the manufacturing sector, 63% of afflicted firms required up to one week to resume normal operations, with 16% experiencing downtime for over a week, severely impacting productivity and economic output.

Vulnerabilities in Critical Infrastructure: A Challenge to SDG 9

The report highlights that sectors essential for SDG 9: Industry, Innovation, and Infrastructure are primary targets for cybercriminals. Attacks on these industries threaten the development of resilient infrastructure and sustainable industrialization.

Targeted Industries

  1. Manufacturing and IT/Telecoms: These sectors were the most frequently targeted, with 81% of companies reporting attacks. This compromises industrial integrity and the digital infrastructure necessary for innovation.
  2. Financial Sector: 79% of financial institutions were targeted, with attackers achieving the highest success rate (64%) in this industry, threatening economic stability.
  3. Energy and Transportation: With attack rates of 77% and 71% respectively, the entire supply chain is at risk, jeopardizing the foundational infrastructure that supports all other economic activity.

The financial cost is substantial, with 61% of breached manufacturing firms paying between $500,000 and $1,000,000. This capital drain hinders investment in innovative and sustainable industrial practices.

Undermining Institutions and Public Services: Impact on SDG 11 and SDG 16

Ransomware attacks weaken the very fabric of society by targeting the organizations responsible for public welfare and governance, thereby obstructing progress on SDG 11 (Sustainable Cities and Communities) and SDG 16 (Peace, Justice, and Strong Institutions).

Institutional Impact

  • Government Services: 67% of government organizations experienced a ransomware attack, compromising their ability to deliver essential public services and eroding public trust.
  • Healthcare Sector: The continued targeting of the healthcare industry threatens patient safety and data security, directly impacting SDG 3 (Good Health and Well-being).
  • Erosion of Justice: The high rate of ransom payments indicates a failure of institutions to protect assets and enforce the rule of law, effectively rewarding criminal activity and undermining institutional strength.

Conclusion: Cybersecurity as a Pillar for Sustainable Development

The findings of the Semperis report illustrate that cybersecurity is no longer a niche IT concern but a core challenge to global sustainable development. The pervasive threat of ransomware demands a collaborative response aligned with SDG 17 (Partnerships for the Goals). Achieving the SDGs will require a concerted effort from public and private sectors to build a secure and resilient digital ecosystem through increased investment, talent development, and a culture of collective responsibility for deterring cyber threats.

SDGs Addressed or Connected to the Issues Highlighted in the Article

  • SDG 8: Decent Work and Economic Growth

    The article connects to SDG 8 by detailing how ransomware attacks cause significant economic disruption. The financial costs, such as ransom payments ranging from “$500,000 to $1,000,000,” and the loss of productivity due to business downtime, where “63% [of manufacturing firms] to resume normal operations” took between one day and one week, directly undermine economic growth and the stability of businesses, which are sources of decent work.

  • SDG 9: Industry, Innovation, and Infrastructure

    This is a central theme of the article. It highlights the vulnerability of critical industrial and digital infrastructure across various sectors, including manufacturing, IT, telecoms, finance, energy, and transportation. The text explicitly mentions that “identity infrastructure was compromised” in 83% of breached manufacturing firms. The widespread nature of these attacks demonstrates a lack of resilient infrastructure, which is a key focus of SDG 9. The disruption to these industries also threatens “global supply chains,” further emphasizing the link to this goal.

  • SDG 16: Peace, Justice, and Strong Institutions

    The article discusses cybercrime, a threat to peace and justice. Ransomware attacks are a form of organized crime. The article points to institutional weakness, noting that companies are “woefully underprepared” and that “98% of senior leaders” cannot identify phishing scams. The call to “upskill existing employees, and ultimately introduce a culture of collective responsibility” is a direct call to strengthen institutions (in this case, businesses and government organizations) to combat crime, aligning with the objectives of SDG 16.

Specific Targets Under Identified SDGs

  1. Target 9.1: Develop quality, reliable, sustainable and resilient infrastructure

    The article demonstrates that current digital infrastructure is not resilient. The high success rate of attacks on industries like finance (64%) and the fact that 78% of all surveyed organizations were targeted show a systemic vulnerability. The disruption to supply chains and business operations underscores the failure to maintain reliable infrastructure capable of withstanding such threats.

  2. Target 16.4: Significantly reduce illicit financial flows… and combat all forms of organized crime

    Ransomware is a form of organized crime that generates illicit financial flows. The article states that “69% of successful attempts resulted in the company acquiescing to the attackers’ demands” and that ransoms paid by manufacturing firms were often between “$500,000 and $1,000,000.” These payments are direct illicit financial flows to criminal organizations, which this target aims to reduce.

  3. Target 16.a: Strengthen relevant national institutions… to build capacity… to prevent… and combat… crime

    The article highlights a significant capacity gap within institutions (companies). The finding that “98% of senior leaders” lack basic cybersecurity awareness and the conclusion that the “business world needs to do more” by procuring talent and upskilling employees directly addresses the need to build capacity within these organizations to combat cybercrime, as called for in this target.

Indicators Mentioned or Implied in the Article

  • Proportion of organizations targeted by ransomware

    The article provides a clear indicator by stating, “78% of the IT professionals they surveyed… had been hit with an attempt in the last year.” This can be used to measure the prevalence of cybercrime attempts.

  • Proportion of organizations paying a ransom

    An indicator for the success of illicit financial flows is provided: “69% of successful attempts resulted in the company acquiescing to the attackers’ demands.” This measures the rate at which criminal demands are met.

  • Sector-specific vulnerability rates

    The article offers specific indicators for the vulnerability of different industrial sectors, stating that 81% of manufacturing and telecoms companies, 79% of finance companies, and 77% of energy companies were targeted. These figures help measure the resilience of infrastructure in key industries.

  • Financial cost of attacks

    A direct financial indicator is mentioned: “61% of manufacturing organisations hit with a ransomware attack paying between $500,000 and $1,000,000 to the perpetrators.” This quantifies the economic damage.

  • Duration of business disruption

    The article implies an indicator for economic productivity loss: “It took between one day and one week for most afflicted manufacturing firms (63%) to resume normal operations.” This measures the impact on business continuity.

  • Cybersecurity literacy rate

    An indicator for institutional capacity is provided: “98% of senior leaders [were] unable to correctly identify all the signs of a phishing attack.” This measures the preparedness and knowledge level within organizations.

SDGs, Targets, and Indicators Analysis

SDGs Targets Indicators (Identified from the article)
SDG 8: Decent Work and Economic Growth 8.2: Achieve higher levels of economic productivity.
  • Duration of business disruption: 63% of manufacturing firms experienced downtime of one day to one week.
  • Financial cost of attacks: 61% of manufacturing firms paid between $500,000 and $1,000,000 in ransom.
SDG 9: Industry, Innovation, and Infrastructure 9.1: Develop quality, reliable, sustainable and resilient infrastructure.
  • Proportion of organizations targeted by attacks: 78%.
  • Proportion of compromised identity infrastructure in manufacturing: 83%.
  • Sector-specific attack rates: Manufacturing (81%), IT/Telecoms (81%), Finance (79%).
SDG 16: Peace, Justice, and Strong Institutions 16.4: Significantly reduce illicit financial flows and combat all forms of organized crime.

16.a: Strengthen relevant national institutions… to build capacity… to combat crime.

  • Proportion of successful attacks resulting in ransom payment: 69%.
  • Proportion of senior leaders unable to identify phishing attacks: 98%.
  • Number of individuals affected by a single data breach: 1.4 million.

Source: tech.co