Unpacking the risks of cyberattacks that bedevil modern manufacturing
What you’ll learn:
- For the fourth consecutive year, manufacturing has been the most targeted sector for cyberattacks.
- Outdated industrial technologies often lack essential safeguards, including authentication, encryption, and patching.
- Despite evident and escalating risks, most manufacturers are unable to devote sufficient resources to cybersecurity.
From IoT sensors for real-time inventory management to AI-driven predictive maintenance, intelligent factories are revolutionizing production with data-driven precision, agility, and efficiency. However, as the factory floor is being transformed through innovation, new windows of opportunity are also being opened for threat actors.
Q&A: Could a software vendor be on the hook if your company's systems get hacked?
For the fourth consecutive year, manufacturing has been the most targeted sector for cyberattacks. The industry saw 89% growth in verified breaches in 2024. The financial fallout of such attacks increased by 125%, a phenomenal rise indicating both the number and severity of threats.
Why does manufacturing draw so much attention from cyberattackers? The simple answer often is that “legacy” systems, usually plant operational technology, are being connected in ways this technology was never designed to function.
The shift to Industry 4.0 has been rapid, but not always smooth for this reason. Convergence of OT and IT is at the core of this shift. OT systems control equipment, robotics, and industrial processes, whereas IT systems manage data, communications, and analytics.
While OT/IT integration delivers operational efficiencies, it also generates dangerous friction. OT was designed for reliability and uptime, not cybersecurity.
Outdated industrial technologies often lack essential safeguards, including authentication, encryption, and patching. Once plugged into larger networks or exposed to the internet, they’re wide open to attacks.
Supply chains: The soft, exploitable underbelly
Manufacturing is not isolated. It operates within vast, complex supply chains involving transport companies, third-party suppliers, raw material providers, and energy companies. Every one of these partners poses potential risk due to inconsistent cybersecurity practices across diverse sectors.
See also: Who do you trust? In manufacturing, the answer should be no one
Attackers commonly target inadequately secured vendor portals or inject malware at software update times to establish early access. Since manufacturing infrastructure is routinely integrated with supplier platforms for logistics, inventory control, or procurement, these breaches will easily cascade into networks and impact production resources in no time.
Both nation-state actors and organized cyber gangs use this indirect route to circumvent stringent perimeter defenses and strike at valuable data and operations, moving from the inside out.
High-value data and intellectual property often are the goal
Manufacturers tend to have some of the most coveted proprietary data on the planet—from automotive designs and factory blueprints to pill formulas and robotic firmware. Whether the goal is espionage, extortion, or disruption, this IP treasure trove is a big motivator for cyberattacks.
Vehicle factories, for example, may hold proprietary navigation algorithms that give them a market edge. Pharmaceutical companies safeguard clinical trial data and drug manufacturing processes with staggering market value. A compromise is not merely a technical problem; it's a strategic defeat with potentially irreparable harm. As industries vie for innovation, attackers pursue the intellect behind it.
Ransomware's unrelenting surge
According to the 2025 Verizon DBIR, ransomware is responsible for nearly half (47%) of all manufacturing data breaches. Compared to other sectors, manufacturing disruptions have a ripple effect throughout entire supply chains, affecting product quality, delivery timeframes, and profitability in general.
See also: Leading cyberattack against manufacturing sets record in Q1
Attack groups have perfected their art to exploit the sector's unique hot buttons: valuable information, revenue-stripping downtime, and OT environments that cannot be patched without halting production lines.
Social engineering and APT campaigns
Human errors continue to represent an enormous cybersecurity threat. Phishing and social engineering attacks allow the attacker to obtain credentials, deliver malware, or conduct business email compromise (BEC) campaigns.
Human-driven vulnerabilities contribute to at least 60% of attacks, either through mishandled USB drives, insecure email interactions, or compromised access through manipulated third-party credentials.
See also: Survey shows ‘widespread governance failures’ in AI data security
Meanwhile, nation state-supported APT actors run prolonged phishing and spear-phishing campaigns to gain long-term access. Their aim is not just to impair, but to monitor, exfiltrate confidential process information, and perhaps manipulate production logic.
Challenges to cybersecurity investment
Despite evident and escalating risks, most manufacturers are unable to devote sufficient resources to cybersecurity. In many manufacturing settings, teams simply don’t receive enough cybersecurity training, which leaves serious gaps in awareness where it matters most.
And for smaller businesses, finding the right experts to protect their digital assets is a constant uphill battle. In addition, legacy OT hardware and proprietary software can’t easily accommodate patches or modern security tools without risking operational disruption.
See also: AI can expose manufacturing data to risk, so audit your implementations, third-party links
In operations where capital is high, any lost hour can run into millions of dollars. Fear of interrupting production can discourage routine system updates and security maintenance. The constant drive to hit just-in-time delivery targets, maintain safety protocols, and boost production often pushes cybersecurity down the priority list.
How can manufacturers gain cyber resilience?
Manufacturers need to transition from scattered defenses to a holistic security agenda that unifies technology, processes, and people. Here’s how:
Defend legacy OT without compromising uptime: To protect legacy OT systems, segment important areas, use virtual patching, impose multifactor authentication for access, and implement strict change management to guarantee safe configuration updates.
Integrate cybersecurity into digital transformation: Embed cybersecurity into new systems and machinery by keeping procurement and architecture aligned with best practices and continually evaluating IT/OT risk to have strong, standardized defenses.
See also: Spearphishing, ransomware remain top cybersecurity threats to manufacturing
Secure the supply chain: Secure supply chain cybersecurity through mandatory vendor attestations, information sharing on threat intelligence, and engaging critical partners in incident-response training to establish clear roles and enhance coordination.
Eliminate human risk: Mitigate the human risk by providing context-specific training with realistic simulations, providing real-time behavioral coaching with timely prompts and nudges, and cultivating cyber talent and leadership, building cybersecurity career paths across both IT and OT environments.
Manufacturing's economic and strategic value attracts cyber threats. Manufacturers need to redefine cybersecurity as critical infrastructure on par with machines, people, and quality.
This entails locking down legacy OT, building security into new tech, strengthening third-party connections, and allowing each employee to identify and halt threats before they gain traction.
