Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.

According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.

Apparently, the data being stored in industrial control systems is data worth stealing. Plus, the disruption due to even a single hour of downtime makes manufacturing a juicy target for cyber criminals.

What type of cyberattacks impact the industrial sector? And what can manufacturers do to protect themselves from these threats? Let’s find out.

The impact of cyberattacks on manufacturing

According to the 2024 IBM Cost of a Data Breach report, data breaches cost industrial organizations 13% more than the $4.88 million global average. Furthermore, the sector experienced the costliest increase of any industry, rising by an average of $830,000 per breach over last year. This cost spike could reflect the reality that manufacturers are highly sensitive to operational downtime. For example, the average car maker loses $22,000 per minute when the production line stops.

Unfortunately, the pain doesn’t end there. The time to identify and contain a data breach at industrial organizations was above that of the median industry, at 199 days to identify and 73 days to contain. These alarming trends underscore the vulnerability of the sector and the financial toll cyberattacks can take on manufacturers.

One of the most prevalent forms of cyberattacks in the manufacturing industry is ransomware. Ransomware attacks on industrial control systems doubled in 2022 alone. When manufacturing operations are disrupted, the financial and reputational damage can be severe. Supply chains can be thrown into chaos, leading to production delays and lost revenue.

Another major concern is intellectual property theft. Cyber criminals, including nation-state threat actors, often target proprietary designs and trade secrets to gain economic or strategic advantages. This type of cyber espionage can be difficult to detect, as attackers may infiltrate networks and exfiltrate data over long periods without being noticed.

Supply chain attacks are also a major concern. In these attacks, cyber criminals target vulnerable third-party suppliers or partners to gain access to a manufacturer’s systems. Since manufacturers often rely on a complex web of suppliers, a breach at one supplier can have a cascading effect across the entire production line. This interconnectedness makes the industry particularly susceptible to large-scale attacks.

The increasing interconnectedness of manufacturing systems due to digitalization has greatly expanded the attack surface. IoT devices and connected systems allow for real-time monitoring and control, but they also introduce vulnerabilities if not properly secured. This blurring of the lines between IT and OT makes it easier for attackers to infiltrate systems and cause widespread disruption.


What manufacturers can do to prevent cyberattacks

Given the scale and complexity of cyber threats facing the manufacturing sector, it’s imperative that manufacturers take proactive steps to protect their systems and data. Here are some key measures manufacturers should implement to bolster their cybersecurity posture:

1. Implement stringent security policies

Manufacturers must establish strong cybersecurity frameworks that govern all aspects of their operations. This includes enforcing strict access controls, conducting regular security audits and implementing robust incident response plans. One of the most critical components of any cybersecurity policy is employee training. Many breaches occur due to human error, such as falling for phishing schemes or mishandling sensitive data. Continuous training ensures that employees are aware of the latest threats and know how to recognize and prevent them.

2. Regularly update IoT devices and firmware

IoT devices are often a weak point in manufacturing systems, as they may not come equipped with robust security features out of the box. Regularly updating the firmware of these devices and ensuring they are properly configured can mitigate the risk of exploitation. Manufacturers should also integrate IoT devices securely into their broader network infrastructure and ensure they are monitored continuously for any signs of compromise.

3. Segment and air-gap networks

One of the most effective ways to limit the spread of an attack is to segment IT and OT networks. By creating barriers between different systems, manufacturers can prevent attackers from moving laterally through their networks if one part is breached. In highly sensitive environments, air-gapping — isolating critical systems from external networks entirely — can provide an additional layer of protection. This ensures that even if an IT system is compromised, operational technology systems remain unaffected.

4. Invest in advanced threat detection

Real-time threat monitoring tools, such as Security Information and Event Management (SIEM) systems, are essential for detecting and responding to cyber threats. These tools provide real-time visibility into network activity and can automatically flag suspicious behavior for investigation. Manufacturers should also employ proactive threat hunting to identify potential vulnerabilities before they are exploited.

5. Backup and disaster recovery planning

Having secure backups is essential for mitigating the damage caused by ransomware attacks. By maintaining regular off-site backups and testing disaster recovery plans, manufacturers can recover quickly from an attack without paying a ransom. These backups should be encrypted and stored in a way that ensures they cannot be accessed or tampered with by attackers.

Industrial cybersecurity case study

In early 2020, ANDRITZ, a leading industrial plant provider, began seeing a rise in cybersecurity incidents. Its IT environment included many systems and security policies that complicated security efforts. The company’s massive attack surface area included over 280 sites worldwide and thousands of employees using the company’s network remotely. A host of third-party contractors and engineers also had access to key IT systems.

For security information and event management (SIEM), ANDRITZ chose IBM Security QRadar on Cloud technology deployed as SaaS. The platform helps ANDRITZ’s security operations center (SOC) focus on detecting and remediating threats while IBM Security professionals provide 24/7 infrastructure management. SIEM can ingest data and log events from multiple sources across the network. By applying advanced analytics and correlations across data types — network, endpoint, asset, vulnerability, threat data and more — the SOC gains a holistic view of security.

In less than six months after engaging with IBM Security and deploying an integrated set of Managed Security Services (MSS), ANDRITZ had a new, comprehensive security services solution.

Leverage new opportunities, mitigate new risks

The manufacturing industry’s increasing reliance on digital technologies has brought tremendous benefits, but it has also created new vulnerabilities that cyber criminals are eager to exploit. As cyberattacks in the sector become more frequent and sophisticated, manufacturers must adopt a comprehensive approach to cybersecurity.
