• Michael Borgers
    685aeb1022f49f952360ce13 Dreamstime M 120151503

    Digital reliance is growing, but so are cyber risks. Is your operation prepared?

    June 25, 2025
    The M&S incident underscores a broader and more critical truth: Any organization that relies on digital systems is vulnerable.

    What you’ll learn:

    • The repair bill for the M&S breach exceeded $27.25 million.
    • Every new digital connection is also a new potential vulnerability.
    • Manufacturers and critical infrastructure are prime targets for hackers.

    In May, Marks & Spencer, one of the U.K.’s most recognizable retail brands, fell victim to a major and costly cyberattack. Hackers accessed sensitive customer and internal data, leading to widespread service disruption, regulatory scrutiny, and a repair bill reportedly exceeding 20 million pounds ($27.25 million). But the financial impact wasn’t the only cost; M&S also suffered a significant hit to its reputation, trust, and operational resilience.

    While it may appear to be an online retail-specific issue, the M&S incident underscores a broader and more critical truth: Any organization that relies on digital systems—whether for finance, HR, or operational and manufacturing processes—is vulnerable.

    See also: Without strict security governance, AI could become a liability

    For industrial sectors such as oil, gas, chemicals, and power, where technology underpins everything from maintenance planning to safety management, the stakes are significantly higher. If a cyberattack can cripple a retail business or manufacturing operation, consider the far-reaching financial, reputational, and safety consequences of a breach that disrupts core systems, compromises safety protocols, or shuts down an entire plant.

    Why industrial organizations are high-value targets

    In today’s industrial environment, digital tools are integral to safe, efficient, and compliant operations. From permit to work and maintenance software to environmental health and safety (EHS) technologies, businesses are embracing digital transformation to improve planning, performance, and control.

    But every new digital connection is also a new potential vulnerability. Critical infrastructure industries are a prime target for hackers, oil, gas, and other valuable resources are relied on by millions, providing the energy and resources needed to keep cities moving.

    See also: Survey shows ‘widespread governance failures’ in AI data security

    Attacks are often high-level, coordinated, and well-funded. But processing facilities aren’t just attractive targets because of their scale, they’re also targeted because of what’s at stake. If your job hazard analysis software is manipulated or your lockout tagout system is breached, the impact isn't just financial—it’s human.

    Imagine a cyberattack that disables your isolation protocols during a shutdown or compromises your audit and risk management software just before a major compliance inspection. The risks to people, production, and compliance are real—and they’re growing.

    And the damage doesn’t stop at downtime. As the M&S case highlights, reputational harm can be long-lasting. For industrial firms where safety and reliability are part of the brand promise, the reputational risk is immeasurable.

    Evolving risk management for a digital era

    For years, operational risk management in the industrial sector has been dominated by physical threats—equipment failure, hazardous materials, and human error. But in 2025, the threat landscape is digital, too.

    See also: AI can expose manufacturing data to risk, so audit your implementations, third-party links

    Modern operational risk management software must do more than manage planned outages or turnaround risk—it must include digital threat monitoring, access controls, and cybersecurity resilience. Risk needs to be managed holistically, blending traditional HSE practices with IT and OT security protocols.

    Similarly, your safety management system software and EHS platforms need to go beyond compliance checklists. They must be secure, up-to-date, and capable of withstanding both internal errors and external attacks.

    Digital risk is now a core part of compliance

    Regulators around the world are paying closer attention to the digital integrity of safety-critical systems. In the U.K., for example, HSE guidance already includes cybersecurity as part of broader process safety evaluations.

    See also: IT and OT: Stronger together in the battle against cyber threats

    This means that even if you’ve met the operational requirements of your health & safety software, you may still be exposed if your systems are not cyber-secure. For those managing shutdowns, turnarounds, and outages, overlooking digital compliance is no longer an option.

    And with the increasing use of environmental management system software, data integrity is vital—not only for safe operation but also for avoiding environmental penalties and protecting your public image.

    Building resilience: What industrial leaders should do now

    Senior management, owners, and stakeholders must make digital resilience a board-level issue. Here’s how:

    1. Integrate cybersecurity into your risk assessments: Whether you’re using enterprise risk assessment software or paper-based RAMS, include scenarios that account for system outages, data breaches, or cyber manipulation.
    2. Ensure your EHS technologies are cyber-ready: Choose the best EHS software not just for functionality, but for built-in security features. Ask providers about their encryption, patching process, and threat detection.
    3. Review your digital supply chain: If your permit-to-work system or safety compliance software is cloud-based or relies on third-party integrations, assess the risk exposure across the full tech stack.
    4. Build a cyber response plan into your operations strategy: Facility maintenance teams and EHS leaders need protocols not just for fire or chemical leaks—but also for digital threats. Prepare now, not after an incident.

    The cost of inaction

    The M&S breach is a stark reminder: No organization is too big, too trusted, or too well-established to be targeted. For industrial businesses, the stakes are even higher.

    A single vulnerability in your EHS safety software, permit system, or digital turnaround plan could trigger a cascade of failures—operational, environmental, and reputational. And when these systems are compromised, the cost isn’t just in repairs or fines. Its trust lost with regulators, partners, and the communities you serve.

    See also: Leading cyberattack against manufacturing sets record in Q1

    Digital transformation has changed the way we work—and the way we need to think about risk. Investing in secure, integrated safety software and enterprise asset management tools is no longer just an IT decision. It’s a business-critical move for every industrial leader.

    Cybersecurity is now part of safety.

    Digital resilience is now part of operational excellence.

    Are you ready?

    About the Author

    James Holt

    James Holt is the commercial director at IAMTech, which develops software solutions for the oil, gas, chemical, and power industries. He joined the company in May 2024 after more than two decades in operational leadership roles within the global contracting sector. He spent 22 years managing operations with the last two years responsible for overseeing the operational HSE Managers across the U.K., Ireland, and Nordic nations.

    Continue Reading

    Sponsored Recommendations