According to Silicon Republic, a new report from Claroty reveals that manufacturing has become one of the most targeted sectors for cyberattacks, with nearly half (49%) of organizations reporting forced supply chain changes that increase cyber-physical system risk. The analysis by Claroty’s Nick Haan highlights that 45% of manufacturers are concerned about their ability to reduce risk or even understand their exposure, while 67% are reconsidering supply chain geography due to security concerns. The recent catastrophic ransomware attack on Jaguar Land Rover in August demonstrates the sector’s vulnerability, causing production to halt for over a month with untold costs. This alarming trend shows that manufacturers face unprecedented challenges in protecting their increasingly automated and interconnected operations.
When IT Meets Factory Floor
The fundamental challenge facing modern manufacturers is the convergence of information technology (IT) and operational technology (OT). For decades, these systems operated in separate silos – IT managed business systems while OT controlled physical processes on the factory floor. Today’s smart factories have erased that boundary, creating a dangerous gap in security responsibility. Traditional IT security teams lack understanding of industrial control systems, while OT engineers often prioritize uptime over security. This creates a perfect storm where sophisticated attackers can pivot from corporate networks to critical production systems, as seen in the manufacturing sector’s growing ransomware epidemic.
The Third-Party Vulnerability Multiplier
Modern manufacturing’s reliance on complex global supply chains has created an attack surface that extends far beyond factory walls. The report’s finding that nearly half of organizations suffered third-party breaches reflects a systemic weakness in how manufacturers manage vendor access. Each supplier, contractor, and service provider represents a potential entry point for attackers. The problem is compounded by remote access tools that enable maintenance and support but often lack proper security controls. As manufacturers diversify their supply chains for resilience, they’re inadvertently creating more attack vectors that sophisticated state actors are increasingly exploiting.
The Budget vs. Security Dilemma
Economic instability creates a dangerous paradox for manufacturing security. While companies face pressure to cut costs and maintain production, they’re simultaneously dealing with increasingly sophisticated threats. The data showing 45% of manufacturers struggling to understand their risk exposure reveals a deeper problem: security investments are often reactive rather than strategic. When budgets tighten, cybersecurity projects are frequently delayed in favor of immediate production needs. This creates a widening gap between awareness and action that opportunistic attackers are exploiting. The challenge isn’t just financial – it’s about making security a core business priority rather than a compliance checkbox.
The Compliance Maze
Emerging regulations like the EU’s NIS2 Directive and UK’s Cyber Resilience Bill represent a double-edged sword for manufacturers. While designed to improve security standards, the constant evolution of requirements creates uncertainty that diverts resources from practical risk reduction. The finding that 76% expect regulations to force program overhauls highlights how compliance can become a distraction from actual security. Multinational manufacturers face particular challenges in maintaining consistency across different regulatory regimes. Effective cyber resilience requires organizations to align compliance efforts with real-world threat intelligence rather than treating them as separate initiatives.
Beyond Traditional Security Models
The shift toward impact-centric security represents the most promising development in industrial cybersecurity. Traditional asset-centric approaches that focus on patching and vulnerability management are fundamentally reactive and lack business context. By mapping cyber-physical systems according to their criticality to production, safety, and compliance, manufacturers can prioritize resources where they matter most. This requires deep understanding of how specific systems interact and what operational outcomes would be affected by their disruption. The challenge lies in implementing these approaches across complex, legacy-rich environments where visibility is often limited and change management is difficult.
Building Resilience Through Integration
The path forward requires manufacturers to treat cybersecurity as an integrated business function rather than a technical specialty. This means breaking down silos between IT, OT, and business leadership to create shared understanding of risks and priorities. Technical teams must learn to communicate in terms of operational uptime, financial impact, and business continuity that resonate with executive decision-makers. Meanwhile, business leaders need to understand that cybersecurity investments directly support productivity and trust in the systems that keep manufacturing moving. The manufacturers that succeed will be those who embed security into their operational DNA rather than treating it as an add-on expense.
