Claroty’s Nick Haan discusses his organisation’s latest report on the cybersecurity challenges facing the manufacturing sector.
It’s a tense time for the manufacturing industry. The catastrophic ransomware attack on Jaguar Land Rover in August was a powerful demonstration of the worst case scenario for the sector. Production ground to a halt for over a month and untold costs for the company and its extended network of suppliers – it’s the outcome all manufacturers have come to dread.
But the incident is far from a one-off. It captures the broader reality facing the manufacturing sector. Many industrial organisations are increasingly concerned about security risks to their cyber-physical systems (CPS), exacerbated by economic and geopolitical uncertainty.
Shifting global supply chains and mounting financial pressures mean the systems powering modern factories are under growing strain. In a world where efficiency and automation are essential to staying competitive, manufacturers must also keep a focus on their cyber resilience.
Why manufacturers are such a valuable target
Manufacturing has become one of the most valuable and vulnerable targets for independent cybercriminal groups and state-backed groups alike.
As factories modernise through automation, robotics and interconnected supply chains, the industry’s attack surface has expanded dramatically. Disruptive tactics, such as ransomware, that focus on operational downtime can quickly result in substantial financial losses. This provides powerful leverage for financially motivated groups issuing ransoms and blackmail demands, as well as a clear target for state actors seeking economic disruption.
State actors are increasingly targeting extended supply chains to maximise the impact of their attacks.
Manufacturers are also popular targets for data theft due to their high-value intellectual property such as pharmaceutical formula, operating system source codes and other trade secrets.
These attacks are often carried out by groups for state-sanctioned espionage to gain a competitive advantage or to circumvent sanctions and restrictions.
Breaches linked to third-party vendors and remote access tools are becoming increasingly common as manufacturers rely on a web of partners to maintain their global operations. Currently, nearly half of leaders responsible for the protection of CPS in organisations have reported suffering a breach linked to third parties in the last 12 months.
The uncertainty caused by these threats is also reshaping long-term security priorities. Two-thirds of organisations (67pc) are reconsidering their supply chain geography, while 73pc are re-evaluating third-party remote access due to the spiralling number of attacks exploiting these connections.
Why economic instability is undermining risk reduction
While the manufacturing industry recognises the growing threat, many organisations are struggling to keep pace. Nearly half (49pc) of organisations state that they have been forced to implement supply chain changes driven by shifting economic and geopolitical policies, which are increasing CPS risk. A similar number (45pc) are concerned about their ability to reduce that risk or even fully understand their exposure.
Disrupted supply chains, fluctuating costs and trade restrictions are forcing difficult choices between protecting operations and maintaining output.
The challenge is compounded by constrained budgets and competing business pressures, which often delay critical upgrades or visibility projects.
There is a widening gap between awareness and action, leaving essential production systems exposed to increasingly opportunistic attackers.
Regulation is adding pressure
Manufacturing has always been a sector heavily guided by regulatory compliance, particularly with its close association with critical national infrastructure. Most manufacturers (69pc) are already aligning their CPS programmes to frameworks such as NIST and ENISA.
However, there is a high level of uncertainty around emerging regulations such as the EU’s NIS2 Directive and UK’s Cyber Resilience Bill. Three-quarters (76pc) expect emerging regulations to force an overhaul of their existing programmes.
While regulations are designed to build stability, the constant evolution of standards risks creating uncertainty, diverting attention and investment away from practical risk reduction. Frequent adjustments make it difficult for multinational manufacturers to maintain consistency across regions and supply chains.
Regulation can be a catalyst for improvement, but it must also be paired with agility, allowing organisations to align compliance with real-world threats.
A smarter model for CPS protection
Manufacturers will need to rethink previously reliable strategies to build true cyber resilience for their CPS in such uncertain times. The industry has typically relied on traditional security models that are largely asset-centric, focused on cataloguing devices, applying patches and monitoring known vulnerabilities.
While this provides an important security foundation, it’s largely reactive and lacks critical business context. A vulnerability in a production line controller or safety system carries far greater consequences than one in a peripheral device, for example, but these distinctions are often lost in traditional approaches to vulnerability management.
Enterprises should adopt an impact-centric approach that prioritises security based on how disruption would affect operational and business outcomes. By mapping CPS assets according to their criticality to production, safety or compliance, organisations can focus security resources where they matter most.
Building resilience through collaboration and visibility
Building cyber resilience demands more than technology; it requires collaboration across every layer of the organisation.
Manufacturers have often suffered from a heavily siloed approach to security, with teams responsible for IT and operational technology (OT) systems rarely collaborating. On top of this, non-technical business leadership will be at another step of removal.
IT and OT teams must work together to ensure visibility across operational networks, while leadership embeds cybersecurity into broader business planning. This requires both the right solutions to enable collaboration and processes that will facilitate communication and visibility between teams. At the same time, technical heads must be able to communicate in terms that boards understand and value, focusing on operational uptime, financial loss and continuity of service.
The good news is our research shows many manufacturers are already taking steps in this direction, with nearly half conducting regular security audits.
Amid ongoing uncertainty, clarity remains manufacturers’ strongest defence. A pragmatic, impact-driven view, enabled by the right tools and processes, will ensure that every investment in security directly supports resilience, productivity and trust in the systems that keep manufacturing moving.
By Nick Haan
Nick Haan is field CTO for strategic partners at Claroty. He’s an IT professional with several years progressive experience in industrial cybersecurity. His expertise lies in delivering cybersecurity solutions in dynamic, global environments.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.