The value of the Resilience data to CISOs comes from mapping the security failure points in its portfolio to the ultimate cost of the security incident. Two key failures stand out. Firstly, 13% of losses stem from software vulnerability exploits. This highlights the need for improved patching cycles.

While it is true that manufacturing has specific and severe patching problems, very few companies anywhere invest in adequate, rapid patching. For manufacturing, Resilience recommends, “Organizations should implement compensating controls including network isolation, virtual patching, and enhanced monitoring of vulnerable systems.”

Perhaps more surprising, however, is that double the exploit loss is caused by MFA misconfigurations – the number one point of failure – leading to financial loss at 26%. (This figure dwarfs the loss incurred by the absence of MFA which stands at 8%; but the probable reasons are no excuse nor argument for not installing properly configured MFA.)

The single largest loss in the portfolio, a ransomware attack attributed to BlackCat, was directly enabled by misconfigured MFA.

Resilience recommends that MFA validation should be treated as a continuous process. “The priority is not just deploying MFA but auditing existing deployments to ensure enforcement across all accounts, elimination of bypass conditions, and proper configuration of conditional access policies.”

Beyond ransomware, the report highlights loss incurred through transfer fraud and email compromise, which comprise 30% of all claims. These attacks are more frequent than ransomware even if the loss is less severe. In both cases, the primary point of failure is phishing leading to credential compromise, which is implicit in more events than these.

“Once obtained, valid credentials allow attackers to log into enterprise systems as if they were authorized users, blending into normal networks,” says Resilience. “Attackers obtain these credentials primarily through infostealer malware delivered via phishing emails — which surged 84% year-over-year in 2024 — and through credential phishing sites that mimic legitimate login pages.”

The report recommends that transfer fraud should be combatted with out of band confirmation for payment changes, and a dual authorization procedure for large transactions together with targeted social engineering training, especially for finance and accounting teams, to counter phishing in general.

While the Resilience analysis primarily relates to ransomware in the manufacturing sector, its recommendations will resonate across multiple attack and industry vectors and could be used by all CISOs.

“Manufacturers don’t need to reinvent the wheel in the face of a growing threat,” says Jud Dressler, head of the risk operations center (ROC) at Resilience. “Our claims data, coupled with threat intelligence from the ROC, found that by auditing and validating MFA deployment, implementing procedural controls for financial transfers, investing in ransomware containment and response, and instituting other easy-to-implement practices can materially combat risk.”

The report adds, “Translating cybersecurity risk into financial language that resonates with CFOs and boards is essential for securing adequate investment. The claims data provides a concrete basis for this conversation: ransomware dominates loss, a single point of failure (MFA misconfiguration) drives the largest share of exposure, and unpatched software is a direct line to the most expensive outcomes. These findings map directly to specific control investments and insurance coverage decisions.”

Armed with such data, technical CISOs could more effectively present and argue the case for an adequate security budget.

Source: SecurityWeek