Manufacturing Sector Confronts an Unprecedented Wave of Cyberattacks in 2026: Kaspersky Report

ISLAMABAD:  According to a new Kaspersky ICS CERT report, in Q1 2026 the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19.6% globally. Kaspersky security solutions blocked malware from 10,052 different malware families of various categories on industrial automation systems.

Regionally, the share of ICS computers that were attacked ranged from 27.4% in Africa to 9.1% in Northern Europe. Compared to the previous quarter, attacks on the manufacturing sector in Q1 increased in multiple regions, including in Europe and Asia.

In terms of overall numbers across all industry sectors, five regions saw an increase in the share of attacked ICS computers in Q1 2026 compared to the previous quarter. These were Southern Europe, Russia, Northern Europe, Canada and Africa.

In Q1, biometric systems traditionally placed first in terms of the share of ICS computers on which malicious objects were blocked, at 26.4%. These systems commonly have internet access, are used for email, and, in many cases, have minimal cybersecurity controls within the organizations that use these systems. Regionally, Southern Europe leads the ranking based on the percentage figures for biometric systems, at 35.15%. Africa follows at 29.58%, and Central Asia comes in third at 28.53%.

In the manufacturing industry, Southeast Asia ranks first among regions in terms of the percentage of ICS computers attacked (23.21%), followed by Africa (21.36%) and South Asia (20.13%).

“Legacy operational technology systems remain deeply embedded in manufacturing environments, which makes them vulnerable. Supply chain complexity and branching of the trusted partner network expands the attack surface beyond the network perimeter. Attackers are realizing that targeting OT assets of an industrial enterprise is not rocket science, which is why factory shuttdowns bring massive financial losses,” commented Evgeny Goncharov, Head of Kaspersky ICS CERT.

Full information is available in the report on Kaspersky ICS CERT website.
To keep OT computers protected from various threats, Kaspersky experts recommend conducting regular security assessments of OT systems to identify and eliminate possible cyber security issues. Establishing continuous vulnerability assessment and triage as a foundation for effective vulnerability management process. Dedicated solutions like Kaspersky Industrial CyberSecurity may become an efficient assistant and a source of unique actionable information, not fully available in public.

Using EDR solutions such as Kaspersky Next EDR Expert for timely detection of sophisticated threats, investigation, and effective remediation of incidents. Improving the response to new and advanced malicious techniques by building and strengthening teams’ skills in incident prevention, detection, and response. Dedicated OT security trainings for IT security staff and OT personnel is one of the key measures helping to achieve this.