Nearly one in five industrial control systems (ICS) worldwide was hit by a cyberattack in Q1 2026, with Southeast Asia ranking as the most targeted region for manufacturing sector attacks, according to Kaspersky‘s latest ICS CERT quarterly report.

The report found that 19.4% to 19.6% of ICS computers globally had malicious objects blocked during the quarter — with Kaspersky’s security solutions detecting threats from 10,052 distinct malware families targeting industrial automation systems. The regional spread of attacks ranged from 27.4% of ICS computers in Africa to 9.1% in Northern Europe.

Southeast Asia leads manufacturing attacks

In the manufacturing industry specifically, Southeast Asia ranked first among all regions in the share of ICS computers attacked, at 23.21% — ahead of Africa at 21.36% and South Asia at 20.13%. Compared to the previous quarter, attacks on manufacturing increased across multiple regions including Western, Eastern, Southern, and Northern Europe, as well as South, East, and Central Asia, and Australia and New Zealand.

The biometrics sector recorded the highest attack rate of any industry in Q1, with 26.4% of ICS computers targeted. Kaspersky attributes this to biometric systems’ typical internet connectivity, email usage, and often minimal in-house cybersecurity controls. Southern Europe led the biometrics attack ranking at 35.15%, followed by Africa at 29.58% and Central Asia at 28.53%.

Manufacturing losses from ransomware exceed US$18 billion

The report cites prior joint research from Kaspersky and VDC Research estimating that ransomware attacks on manufacturing organisations generated over US$18 billion in losses globally in just the first three quarters of 2025 — with actual business losses likely higher once supply-chain disruption, reputational damage, and recovery costs are factored in.

“Legacy operational technology systems remain deeply embedded in manufacturing environments, which makes them vulnerable. Supply chain complexity and branching of the trusted partner network expands the attack surface beyond the network perimeter. Attackers are realizing that targeting OT assets of an industrial enterprise is not rocket science, which is why factory shutdowns bring massive financial losses,” said Evgeny Goncharov, Head of Kaspersky ICS CERT.