New findings from Sophos’ 2025 sector studies reveal the mounting pressure ransomware continues to place on two of the world’s most essential industries: manufacturing and production, and healthcare. Drawing on the experiences of 332 manufacturing/production leaders and 292 healthcare security leaders, the reports paint a clear picture of how attacks in both sectors are evolving—and why organizations remain vulnerable despite years of threat awareness.Across manufacturing and production, this year’s data highlights how ransomware continues to exploit longstanding operational and organizational weaknesses. Respondents cite a combination of technical misconfigurations, process failures, and resource constraints as the root causes of many attacks. The consequences are significant: high encryption rates, complex recovery timelines, and increasing financial pressures tied to ransom demands. For many organizations that rely on continuous operations and interconnected production environments, even short-lived outages can cascade into costly downtime and supply chain disruption.Healthcare providers reported similar patterns, but with even higher stakes. Patient care environments face the same mix of outdated systems and staffing challenges, yet the impact of downtime is uniquely acute. This year’s report shows how attackers are targeting the sector with increasingly disruptive techniques, leading to encrypted data, delayed recovery, and growing financial strain. A significant proportion of healthcare organizations still end up paying all or part of ransom demands, underscoring how operational urgency can override best practice during crises.Both studies also highlight a growing issue often overlooked in discussions of ransomware: the human toll. IT and cybersecurity teams across both sectors report heightened stress, fatigue, and burnout stemming from the relentless pace and severity of incidents. For many, ransomware is no longer a rare crisis event—it is a recurring operational reality that pushes already-stretched teams toward exhaustion.Taken together, the 2025 reports suggest that ransomware risk is no longer driven solely by attackers’ capabilities, but by systemic issues inside critical industries: under-resourced teams, inconsistent security practices, and aging infrastructure. As ransomware tactics continue to evolve, organizations in manufacturing, production, and healthcare face a difficult truth: technical controls matter, but without operational resilience and sustained investment in people, the threat will continue to outpace defenses.