Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.

According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.

Apparently, the data being stored in industrial control systems is data worth stealing. Plus, the disruption due to even a single hour of downtime makes manufacturing a juicy target for cyber criminals.

What type of cyberattacks impact the industrial sector? And what can manufacturers do to protect themselves from these threats? Let’s find out.

The impact of cyberattacks on manufacturing

According to the 2024 IBM Cost of a Data Breach report, data breaches cost industrial organizations 13% more than the $4.88 million global average. Furthermore, the sector experienced the costliest increase of any industry, rising by an average of $830,000 per breach over last year. This cost spike could reflect the reality that manufacturers are highly sensitive to operational downtime. For example, the average car maker loses $22,000 per minute when the production line stops.

Unfortunately, the pain doesn’t end there. The time to identify and contain a data breach at industrial organizations was above the median industry, at 199 days to identify and 73 days to contain. These alarming trends underscore the vulnerability of the sector and the financial toll cyberattacks can take on manufacturers.

One of the most prevalent forms of cyberattacks in the manufacturing industry is ransomware. Ransomware attacks on industrial control systems doubled in 2022 alone. When manufacturing operations are disrupted, the financial and reputational damage can be severe. Supply chains can be thrown into chaos, leading to production delays and lost revenue.

Another major concern is intellectual property theft. Cyber criminals, including nation-state threat actors, often target proprietary designs and trade secrets to gain economic or strategic advantages. This type of cyber espionage can be difficult to detect, as attackers may infiltrate networks and exfiltrate data over long periods without being noticed.

Supply chain attacks are also a major concern. In these attacks, cyber criminals target vulnerable third-party suppliers or partners to gain access to a manufacturer’s systems. Since manufacturers often rely on a complex web of suppliers, a breach at one supplier can have a cascading effect across the entire production line. This interconnectedness makes the industry particularly susceptible to large-scale attacks.

The increasing interconnectedness of manufacturing systems due to digitalization has greatly expanded the attack surface. IoT devices and connected systems allow for real-time monitoring and control, but they also introduce vulnerabilities if not properly secured. This blurring of the lines between IT and OT makes it easier for attackers to infiltrate systems and cause widespread disruption.

Read the Cost of a Data Breach Report

What manufacturers can do to prevent cyberattacks

Given the scale and complexity of cyber threats facing the manufacturing sector, it’s imperative that manufacturers take proactive steps to protect their systems and data. Here are some key measures manufacturers should implement to bolster their cybersecurity posture:

1. Implement stringent security policies

Manufacturers must establish strong cybersecurity frameworks that govern all aspects of their operations. This includes enforcing strict access controls, conducting regular security audits and implementing robust incident response plans. One of the most critical components of any cybersecurity policy is employee training. Many breaches occur due to human error, such as falling for phishing schemes or mishandling sensitive data. Continuous training ensures that employees are aware of the latest threats and know how to recognize and prevent them​.

2. Regularly update IoT devices and firmware

IoT devices are often a weak point in manufacturing systems, as they may not come equipped with robust security features out of the box. Regularly updating the firmware of these devices and ensuring they are properly configured can mitigate the risk of exploitation. Manufacturers should also integrate IoT devices securely into their broader network infrastructure and ensure they are monitored continuously for any signs of compromise.

3. Segment and air-gap networks

One of the most effective ways to limit the spread of an attack is to segment IT and OT networks. By creating barriers between different systems, manufacturers can prevent attackers from moving laterally through their networks if one part is breached. In highly sensitive environments, air-gapping — isolating critical systems from external networks entirely — can provide an additional layer of protection. This ensures that even if an IT system is compromised, operational technology systems remain unaffected.

4. Invest in advanced threat detection

Real-time threat monitoring tools, such as Security Information and Event Management (SIEM) systems, are essential for detecting and responding to cyber threats. These tools provide real-time visibility into network activity and can automatically flag suspicious behavior for investigation. Manufacturers should also employ proactive threat hunting to identify potential vulnerabilities before they are exploited.

5. Backup and disaster recovery planning

Having secure backups is essential for mitigating the damage caused by ransomware attacks. By maintaining regular off-site backups and testing disaster recovery plans, manufacturers can recover quickly from an attack without paying a ransom. These backups should be encrypted and stored in a way that ensures they cannot be accessed or tampered with by attackers.

Industrial cybersecurity case study

In early 2020, ANDRITZ, a leading industrial plant provider, began seeing a rise in cybersecurity incidents. Its IT environment included many systems and security policies that complicated security efforts. The company’s massive attack surface area included over 280 sites worldwide and thousands of employees using the company’s network remotely. A host of third-party contractors and engineers also had access to key IT systems.

For security information and event management (SIEM), ANDRITZ chose IBM Security QRadar on Cloud technology deployed as SaaS. The platform helps ANDRITZ’s security operations center (SOC) focus on detecting and remediating threats while IBM Security professionals provide 24/7 infrastructure management. SIEM can ingest data and log events from multiple sources across the network. By applying advanced analytics and correlations across data types — network, endpoint, asset, vulnerability, threat data and more — the SOC gains a holistic view of security.

In less than six months after engaging with IBM Security and deploying an integrated set of Managed Security Services (MSS), ANDRITZ had a new, comprehensive security services solution.

Leverage new opportunities, mitigate new risks

The manufacturing industry’s increasing reliance on digital technologies has brought tremendous benefits, but it has also created new vulnerabilities that cyber criminals are eager to exploit. As cyberattacks in the sector become more frequent and sophisticated, manufacturers must adopt a comprehensive approach to cybersecurity.

More from Risk Management

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today