Manufacturing cyber security guide
https://www.themanufacturer.com/articles/manufacturing-cyber-security-guide/
Publish Date: 2026-02-02 03:49:00
Source Domain: www.themanufacturer.com
Protecting your factory floor from digital threats has never been more important, as last year’s high-profile breach at Jaguar Land Rover (JLR) has shown. In this practical guide, Molly Cooper explains the essential steps manufacturers can take to strengthen their cyber security, safeguard operations and keep production moving.
Why cyber security is now the top priority for modern manufacturers
Cyber security is the practice of protecting systems, networks and programs from digital attacks.
These cyber attacks are usually aimed at accessing, changing or destroying sensitive information; extorting money from users through ransomware; or interrupting normal business processes.
Manufacturing has unique elements that also need protecting, such as manufacturing and production processes, operational technology and critical national infrastructure.
Typically, production processes run on a separate network to corporate operations, but the concerns they have should be the same as many other businesses.
Attackers are not always looking for specific manufacturers; they are looking for the most vulnerable.
The evolving threat landscape: why factories are the new top target
Once upon a time, cyber security was not an issue for manufacturers. Many older and more traditional industries were not connected via online systems; they were human operated machines, with on and off buttons. There was a far greater reliance on mechanical and analogue systems than digital or software driven processes. Now however, cyber criminals have cottoned on to the fact that manufacturers are increasingly digitising their operations and as such, have a plethora of avenues to access and potentially exploit.
Not only that, but the landscape of cyber attacks has also evolved. Years ago, hackers would target large financial institutions and government agencies, but now ransomware, phishing emails and supply chain attacks are far more common within manufacturing. In the last few years financial services firms have invested heavily in cyber security and are now very well protected in comparison to manufacturing, which has typically not been as tuned in to the risks and dangers and as such, is now the most targeted sector for cyber criminals.
These ne’er do wells also have more financial incentives than ever before, with many criminals choosing this type of activity for this reason. Ransom amounts and extortion prices from the threat of selling stolen data are a few of the methods in which criminals can financially gain from the attacks. Cyber crime also knows no boundaries; it can take place anywhere in the world, from anywhere in the world – meaning investigations and prosecution can be extremely difficult for law enforcement to implement. Cyber criminals now have the advantage, as it is easier to attack than defend.
Cyber security has flown under the radar for manufacturers for many years. The absence of a need for cyber security in previous generations has resulted in a lack of awareness around the topic, and therefore, there has been a dearth of investment in that area. Related to the growing skills gap within manufacturing, many firms do not have the necessary cyber security expertise and experience in-house to get the business up to speed on the current landscape.
Yet, even with protection, the ways in which attacks are evolving means that manufacturers are often trying to hit a moving target. It is unrealistic to assume that your operations are impenetrable, so it’s about having a robust response plan and knowing the steps that you can take to make sure you can recover as quickly as possible.
Understanding ransomware: what cyber criminals want from your business
Manufacturers have employee, customer and operational data that they need to protect, but often the question is, how?
Hackers are looking for any compromise in a business system to then hold it to ransom. This is called ransomware and is the most popular kind of attack on manufacturing businesses in the current climate. This can cause manufacturing processes to shut down and cost businesses millions of pounds per day, or in some cases per hour. The hacker’s aim is to push the business into a corner where they will have no other option but to respond and pay the ransom to ultimately save the company.
So how do we stop this from happening? Companies need to ensure that there is no compromise to be found in the beginning and they can do this with correct cyber prevention techniques. When it comes to cyber security, prevention is better than a cure. By ensuring all your windows and doors are closed, you leave no route for hackers to get into your business, and the chances of a company’s data being breached become much lower.
Vulnerabilities in servers and technology are still the most harmful aspect of cyber attacks. On the market there are many intelligent technologies and solutions available, plus post-incident support and forensics for businesses to implement which can provide notifications if and when an attack occurs and help find the cause. However, most businesses could spend less on preventative methods to stop the attack happening in the first place.
Cyber security experts stress that nothing is fool-proof when it comes to cyber security solutions. A prime example is banks who spend tens of thousands of pounds each year on cyber security systems and still we read stories in the news of breaches.
However, a manufacturing company that only performs the basics to keep its systems patched is more likely to be targeted than those who are using prevention techniques and competent response systems.
Critical cyber threats: from phishing to IT/OT convergence
Ransomware and insider threats
Ransomware is a type of malware and continues to be the biggest threat to businesses right now. It can also be very random in terms of who it lands on and impacts. According to a World Economic Forum report published in April, cyber attacks on the manufacturing sector accounted for more than one quarter (26%) of all attacks worldwide, with ransomware comprising 71% of these. In 2023 alone, the number of ransomware attacks on industrial infrastructure doubled, posing a significant threat to supply chain and manufacturing operations.
However, sometimes it does have a targeted element to it. For a hacker, ransomware can assess 20 manufacturers, for example, to see which can be compromised most easily. Once the attack has been set in motion, the hacker will begin to ask the company for money to stop the attack and in some cases, companies will pay to prevent any further loss of money and production time, and damage to their brand through exposure of the attack.
The insider threat is always something to be aware of. People are a company’s biggest asset; however, there have been cases of disgruntled ex-employees or fraudulent activities where businesses have been compromised from the inside.
In most cases, the person in question is usually ignorant of the fact that they have allowed a threat to penetrate their company’s systems. This often occurs through an attack called phishing. Phishing is when attackers send emails or messages that contain malicious links to websites. These websites can contain malware and sabotage a company’s systems. Traditionally, there were tell-tale signs that an individual or business could watch out for which would give a phishing email away. Nowadays, however, these emails have increased in sophistication and are becoming more and more difficult to spot.
They can create the impression of being sent from a colleague by using a subtly different email address or relevant messaging. When an attack occurs from a phishing email, this is often due to a lack of personnel training. Employees who work within IT are usually well versed in cyber security, but OT employees may prioritise operational efficiency over security. Regular training against the latest attack vectors can instill a safer cyber culture – remember, a business is only as strong as its weakest link.
Malware: viruses, worms and trojans
Viruses, worms and trojans are also types of malware and are typically designed to disrupt, damage or gain unauthorised access to a computer system. The aim of any malware is to hold the user/s to ransom so their business can continue, to prevent a data leak or to stop other detrimental incidents from occurring.
A virus attaches itself to other programs or files when implemented. The virus can also write its own code, thus spreading infections as it moves through the system. A virus can exist on a computer but cannot infect it unless it is opened or allowed to run. It is the user of the computer that continues the spread of the virus by sharing infected files or sending emails.
A worm can spread from computer to computer and has the capability to travel without attaching itself to a program first. They typically spread through the internet or LAN connections. The danger of a worm lies in its ability to replicate itself on a system. Instead of just one worm being sent from a computer, it can generate hundreds or even thousands of copies, leading to a massive and destructive impact.
A trojan horse is a type of malware that misleads users about its intent. It appears to be a genuine application or software program but is in fact destructive. Although it is not able to replicate itself, it does open a route into a computer for other malicious users and programs.
DoS and DDoS attacks
Spyware is designed to enter a user’s computer, gather data from the device and sell it to third parties without the user’s consent. The information stolen can be sold to advertisers or other cyber criminals to be used as leverage for ransom.
Denial-of-service (DoS) attacks overwhelm a server with excessive traffic, rendering a website or resource inaccessible to users. A more advanced form of this attack, known as a distributed denial-of-service (DDoS) attack, disrupts normal traffic to a server, service or network by flooding it with traffic from multiple compromised systems. Unlike a standard DoS attack, DDoS leverages numerous infected devices to amplify its impact. Its aim is to render the site or server unusable or take it offline completely.
Even though these are the biggest threats facing businesses, there are also common flaws right now inside businesses that are acting as gateways to attackers.
The risks of IT/OT convergence and supply chain weakness
IT and OT vulnerabilities are rising due to the acceleration of convergence between operational technology (OT) and information technology (IT) in global manufacturing firms. This expands the surface that can be attacked. Whereas traditionally, business networks, emails and cloud storage were separated from industrial control systems, now, with digital transformation, these often have gateways to one another through remote access, allowing hackers into all systems.
Supply chains can sometimes be a company’s weakest link. A single compromised supplier can introduce malware into a manufacturer’s network. Attackers may exploit third-party software or hardware components used in production.
Businesses need to be looking at who they are working with and how secure their systems are. No one entity has ownership over the whole supply chain – despite the fact that it is intrinsically connected – and as such, responsibility for cyber security up and down the supply chain is distinctly opaque. Businesses need to understand their footprint; even though another supplier may be responsible for an attack, a different business may well be held accountable.
Cyber resilience strategies: prevention, detection and insurance
Preventative methods/penetration testing: This is a security exercise where a company hires cyber security experts to attempt to find and exploit vulnerabilities in their cyber systems. It is also known as ethical hacking. After a penetration test, the ethical hacker will share their findings with the target’s security team and make them aware of any weak spots before an attacker does. They will then take action to repair them.
For some experts, this is seen as the best form of cyber security a business can have and is the best way to be proactive in your business. It strengthens cyber resilience while helping to identify flaws within your system in a safe way.
Automated threat detection and response systems: The main goal of these systems is to minimise the duration in which a threat is in a company’s systems before being detected, as well as enabling organisations to identify and respond to them as they occur. The system will immediately notify the security team, and a decision can then be taken on whether or how to respond, or an automated, targeted response will be deployed.
Real-time threat detection includes continuous monitoring, automated alerts, integration with security tools, AI and machine learning and incident response.
For manufacturers these systems can minimise downtime due to rapid detection and prevent production halts, enhance security protecting critical assets, aid regulatory compliance and reduce the burden on internal security and IT teams. However, this is only triggered when an attack or suspected attack is occurring or has occurred. Outside of an attack, the software works in the background searching for threats, and does not test your systems or improve the existing security.
Cyber security insurance: Also known as cyber liability insurance, it protects businesses from financial losses resulting from cyber attacks such as ransomware and data breaches. In brief, there are two types of cyber insurance coverage and it is important to discuss with an insurer which would best suit your company’s needs.
First-party cyber coverage covers legal counsel, recovery and replacement of stolen data, loss of income due to business interruption, crisis management and PR, cyber extortion and fraud, services to investigate the breach and fines related to incidents.
Third-party cyber coverage covers liability if a third-party brings claims against you. This could be an entity within your supply chain or partner. This cyber coverage covers the legal defence of the suit and costs of the settlement. This covers affected payments to consumers, claims, settlements from lawsuits, copyright or trademark infringement and accounting costs.
Cyber security insurance works best in conjunction with other cyber security protection. If a business can prove that they have other measures in place and are continuously testing their systems, as well as addressing and identifying vulnerabilities, it can result in lower insurance costs.
The business case for security: reducing downtime and protecting IP
Less downtime: When machines are off, businesses lose money. A cyber attack can place machines out of action causing a halt in production. If products are not being made, customers can become agitated and may begin to look elsewhere for what they need. This also causes reduced productivity and loss of profits. If preventive measures are in place a company can stop an attack before it happens or know how to recover if it does.
Secure intellectual property: Intellectual property is often of huge importance to manufacturers. Once your system has been infiltrated, intellectual property is breached and can be shared. Maintaining system integrity is crucial to ensuring that processes remain protected. By securing intellectual property, manufacturers can safeguard their research and development investments, and maintain trust with partners and customers without fear of compromise.
Brand loyalty and customer satisfaction: It is never an easy conversation to tell your customer base that your database has been hacked and the production line has been halted. Not only that, but for large corporations there is the possibility that a security breach could make local or national news, portraying the company as unsecure, incompetent and an easy target. Customer trust and respect is vital for a thriving and growing business.
Lower recovery costs: No cyber attack protection is fool-proof but implementing prevention technologies can greatly reduce the risk of being attacked.
Companies do not need to spend millions of pounds on intrusion detection systems even though the market is full of disaster recovery and incident response providers. Operationally, manufacturers need to prevent incidents before they happen to protect themselves from fines and loss of business.
Any business will struggle to justify a large spend on something that has never happened – or may never happen. Many would prefer to invest in new projects or marketing campaigns. However, the cost of prevention measures will be far cheaper than the cost of getting a business back on its feet following a cyber attack.
Case studies: lessons from high-profile industrial cyber attacks
All this is by no means theoretical. Manufacturers have been attacked all over the world, and will continue to be targeted as they become more connected. Manufacturers will always be prime targets due to their new reliance on interconnected systems spanning multiple locations, the valuable intellectual properties they own and the high-value data they store. Here are some examples of attacks that have occurred in the sector during the last ten years.
Reckitt Benckiser Group
In 2017, consumer goods company Reckitt Benckiser Group were the victim of ransomware, Goldeneye. The company faced a major loss to revenue (estimated $117m) after the attack affected production at factories and distribution across sites.
The initial infection vector that triggered Goldeneye was a compromised update in tax software MeDOC used by a number of institutions in Ukraine. The attack was contained soon after working with IT teams.
Volkswagen Group
Between 2010 and 2015, Volkswagen Group were an ongoing target for data theft. Over the course of a few years, hackers breached the company’s systems and stole at least 19,000 documents concerning gasoline engines, transmission development, fuel cells and electric vehicle initiatives.
It is reported that hackers began analysing Volkswagen’s IT network in 2010, looking for vulnerabilities, and had succeeded in entering the company’s systems just a year later.
Over the course of the next four years many data leaks were reported. When investigated, IT experts managed to recover files that the hackers had sent to their own servers and subsequently deleted. Therefore, it was discovered just how many documents had been stolen. Volkswagen only acknowledged that the breach took place in 2024.
Dole Foods
In February 2023, Dole Foods, an agricultural multinational corporation and one of the largest producers of fruit and vegetables worldwide, suffered a ransomware attack.
The attack resulted in the shutdown of North American operations to contain the spread of employee information, which was estimated at 3,885 profiles stolen. The hackers accessed names, addresses, driver license numbers, passport numbers, dates of birth and phone numbers. It impacted half of the company’s legacy computer servers and one quarter of its end-user computers.
It incurred $5.7m in costs related to the attack. Third-party cyber security experts helped to investigate and aid in the recovery from the attack.
ThyssenKrupp
In February 2024, German industrial engineering and steel production multinational conglomerate, ThyssenKrupp, headquartered in Essen, Germany, had its production shut down. A ransomware attack targeted ThyssenKrupp’s Automotive Body Solutions unit but was stopped early due to the swift detection of malicious activity.
As a precautionary measure in the company’s cyber incident response, systems were shut down to block unauthorised access and prevent the potential spread of ransomware.
Jaguar Land Rover
In early September 2025, Jaguar Land Rover (JLR), owned by Tata Motors, suffered a major cyber attack which forced the company to shut down its systems and pause vehicle production across the UK, China, Slovakia, and India to contain the breach.
The attack, attributed to a hacker or group, triggered a production shutdown lasting more than three weeks and halted output of roughly 1,000 vehicles per day. Reported losses reached £50m to £72m weekly, with emerging estimates of over £1bn in revenue impact.
JLR confirmed that “some data” was affected, though there was no evidence of customer data theft, and has engaged third-party cybersecurity experts and government agencies to investigate and restore operations.
Scaling security: cyber protection for SMEs vs. large enterprises
The best solutions are not always the most expensive, but when it comes to cyber security, some businesses believe the more you pay the more protection you get. However, cyber security is not a one-size-fits-all solution.
Large enterprises typically face more complex challenges requiring bigger, scalable solutions and frameworks to work against. Often, they will spend millions on a solution, a consultancy to implement and manage it and another system that logs all activity and continuously searches the network for threats and signs of compromise. This is all very useful and can be a great asset to large businesses when questioning an IP address they don’t recognise or unwanted communication with a system in another country.
However, small businesses cannot always afford to spend that much on threat intelligence systems. But there are ways they can use what money they do have wisely. Their supply chains and systems can be smaller, and wider global issues not as relevant. Their focus is securing their network, and this can be done through continuous prevention testing with automation.
Although AI and machine learning do play a role for the bad guys, they can also play a virtuous role for businesses. Cyber security companies can implement automated defences, meaning that systems can be tested without any manual intervention from the provider or business. In turn, costs can be reduced, and businesses will only spend when prevention testing finds an issue that needs investigating.
Smaller businesses tend to be smarter with their money because they have to, while larger corporations can easily splash on the ‘complete’ system, even if it isn’t. Preventative testing can cost pennies in comparison, and no matter how big or small a business, prevention is always better than cure.
Avoid these common pitfalls: shadow IT and lack of strategy
The most common mistake that manufacturers make is not understanding what risks they are exposed to. Cyber security is often a blind spot for those in the industrial space (as evidenced by the low volume of manufacturers that are considering it a priority). And with the growing convergence between IT and OT, those risks are only going to increase. However, for the most part, businesses are forgetting to protect themselves from digital attacks.
Currently most companies do not have any strategies in place and even though they may know how to react in an attack, they do not know how to recover. This suggests many would just pay the ransom to get things up and running again, but what about the losses?
Many manufacturing businesses will have shadow IT, in other words, assets in their technology landscape that have been forgotten about. An example of this is a server or cloud storage being created for a project for a dedicated timeframe and then never used again; or, if the owner of that cloud storage leaves the company and the login is no longer in use. Assets such as these can be easily compromised, providing a route into a business’ system that they weren’t even aware of. This is an area of risk.
Understanding these areas is key because businesses can then allocate budget into the most vulnerable sections of the business. In this case, it could be employee training. It is unrealistic to assume everyone has good cyber security awareness and with some employees, the workplace could be the only environment where they use technology. Not everyone is an expert and anyone can fall for a phishing email, especially at a time when they are becoming more convincing than ever. That’s not to say that areas of attack have to be overly sophisticated. Something as simple as poor password management can open the door to malicious actors.
Shifting the mindset: treating digital security like physical factory safety
Recent research by Omdia found that cyber attacks are on the increase in manufacturing with 80% of firms experiencing a significant increase in overall security incidents or breaches last year. Yet still, many manufacturing businesses have admitted that the cost of cyber security systems is prohibitive – especially for something that isn’t going to be a revenue generator; why would it be a priority if it doesn’t make money for the business?
And it’s wrong to assume that because a business doesn’t manufacture any sensitive materials, it must be safe from hackers. It’s true that some attackers focus on potentially lucrative sectors with sensitive information such as defence, oil and gas, for example. However, if a manufacturer (or any business) makes revenue, this can work as leverage for a hacker who knows they can stop that business from making money and hold a ransom cost over its head.
A common anecdote is that while CEOs and CISOs (Chief Information Security Officers) are concerned over cyber security issues, they struggle to get boards to invest in them. But often, when presented with a real-world analogy, they begin to look at things differently.
Alarms and security cameras will of course be installed around the perimeter of a factory. And employees are trained to only use their own passes or security codes for doors. They are instructed not to let anyone freely enter the building and make sure they ask for ID when they do. Proper and secure lockdown of the facility is ensured each night by closing and locking all doors and windows. This makes it difficult for anyone to enter without permission.
In short, manufacturers tend to have their houses in order when it comes to security and IP in the physical world, so why would the same approach not be applied to IT systems? Why leave cyber doors open for hackers to enter and steal the company’s data? Businesses don’t wait to be burgled before setting up physical security systems, so why wait until a breach to install cyber resilience?
Don’t leave visible vulnerabilities in technology and create an easy target to exploit.
Implementation checklist: three steps to strengthen your cyber defences
As a manufacturer it can be difficult to implement cyber security systems due to the complexity of integrating security into existing legacy systems that were not designed with cyber threats in mind. Not only that but manufacturing operations can’t just cease while any remedial work is carried out so any cyber security measures will usually have to be implemented while operations are still running. And issues such as the skills gap among employees, budget constraints, resistance to change and uncertainty about where to start, are further complicating the process, making it difficult for manufacturers to take the first steps toward a robust cyber security strategy.
However, it is something that must be done and there are some steps to be taken to help.
Risk assessment: Assess what you want to do, what impact it will have and whether it is the right thing to do. Is this the place where you should start? These are all questions which need to be answered before implementation. A risk assessment also allows the right systems to be prioritised and avoids wasting resources through over-engineering and under-securing.
What’s already in place? Businesses must find out what’s already in place with regards to cyber security. This evaluation prevents businesses from ‘reinventing the wheel’ and allows them to leverage and strengthen what they already have rather than starting from scratch. Some systems may only need updating or additional monitoring which could drastically increase protection without unnecessary spending or a full overhaul.
Test run: Manufacturers must test their systems and not wait for an attack before seeing how they work. Cyber security companies can mimic an attack and then work with manufacturers and their defensive teams to look at how the business and its systems respond when bad things happen. This ensures that you have worked through each step of the process, so if something happens in the real world, you are practiced and prepared. You will know any areas you need to improve on and have a timeline of recovery in case of future attacks.
Thanks to: Darren Anderson, UK Director, Osec
Darren Anderson leads UK operations at OSEC, an offensive security firm specialising in penetration testing and breach simulation. With years at Dell SecureWorks and NCC Group, he has extensive cyber security experience, covering ethical hacking, compliance, and risk management. He advocates for proactive security, emphasising continuous testing through OSEC’s Incenter platform to prevent breaches before they happen.