AI-powered and automation-driven cyberattacks are increasingly targeting Indian manufacturing plants, raising concerns over production downtime and supply-chain disruption. The findings emerge from the Seqrite India Cyber Threat Report 2026, covering threat activity between October 2024 and September 2025.

Seqrite recorded 265.52 million detections across more than 8 million endpoints in India, averaging 505 detections every minute. Engineering and manufacturing accounted for 3.79 million detections, representing 14.22 percent of total industry volume. The sector ranked among the top three most targeted segments alongside education and healthcare, which together contributed nearly 47 percent of overall detections.

Industrial states mirror threat intensity

The concentration of cyber incidents reflects India’s manufacturing footprint.

Maharashtra recorded 36.13 million detections, the highest in the country, supported by over 556,000 engineering and manufacturing units. Gujarat followed with 24.13 million detections, aligned with its chemical and textile clusters. Karnataka reported 11.64 million detections across more than 225,000 manufacturing units. Tamil Nadu registered 7.51 million detections, supported by 18,900 automotive units and over 142,000 engineering enterprises.

Major industrial cities including Mumbai, Pune, Bengaluru and Chennai ranked among the most targeted urban centres. The pattern indicates that concentrated production and export ecosystems are increasingly in the crosshairs.

Shift from opportunistic malware to automated intrusion

Researchers observed a structural shift in attacker behaviour. Threat actors are moving from opportunistic malware campaigns to structured, automation-driven intrusion chains.

High-volume malware categories included:

Trojans: approximately 88.4 million detections

File infectors: approximately 71.1 million detections

Together, these accounted for nearly 70 percent of overall malware activity. Entry points included phishing attachments, compromised utilities, exposed SMB services and infected design tools within factory environments.

This shift indicates a more organised approach to breaching enterprise systems rather than isolated malware incidents.

Ransomware remains low in volume, high in impact

Ransomware represented less than one percent of total detections but carried significant operational risk.

In January 2025 alone, ransomware peaked at 185 incidents and over 113,000 detections. Campaigns such as Xelera and Weaxor drove targeted enterprise intrusions, demonstrating how focused attacks can disrupt plant-level operations.

While numerically limited, ransomware incidents pose a direct threat to production continuity and supply-chain commitments.

Exploit scans target internet-facing systems

Network-based exploitation further expanded exposure. More than 9.2 million exploit scans targeted internet-facing applications including WordPress plugins, Apache Tomcat servers and enterprise management consoles.

At the host level, over 8 million LNK-based exploit detections were recorded. These low-complexity vectors continue to propagate rapidly across shared industrial networks.

Notably, 91 percent of detections originated from on-premises environments. The data suggests that legacy plant infrastructure and hybrid IT-OT integrations remain the primary attack surface.

Data protection moves closer to the shop floor

Beyond operational disruption, breaches in manufacturing environments carry data protection implications. Exposure of design blueprints, supplier contracts, production data and employee records can trigger regulatory scrutiny and reputational risk.

As manufacturing systems become increasingly data-intensive, privacy governance is extending into plant operations. Seqrite stated that industrial enterprises must embed data protection into design systems, vendor integrations and plant analytics workflows rather than treat it as a compliance afterthought.

The company’s Seqrite Data Privacy solution is positioned to support Indian enterprises in aligning privacy controls with the Digital Personal Data Protection Act while maintaining production continuity.

Cybersecurity shifts from perimeter to continuity

As manufacturers integrate cloud platforms, supplier systems and operational technology, the report underscores that cybersecurity must move beyond perimeter defence.

With AI enabling automated reconnaissance, credential abuse and faster lateral movement, risks extend beyond data theft. They directly impact operational continuity, intellectual property protection and supply-chain resilience.

The Seqrite report indicates that India’s manufacturing backbone is now a primary cyber target. The challenge for enterprises lies in strengthening on-premises systems, securing hybrid IT-OT networks and embedding privacy controls without disrupting production workflows.