In today’s industrial landscape, manufacturing stands as the top target for cyberattacks, with more than 25% of all incidents impacting this sector. As manufacturers embrace digitalization and operational technology (OT) convergence, their attack surface expands dramatically. It is no longer a question of “if” a cybersecurity incident will occur, but rather, “How well-prepared are we when it does?”
Understanding the Threat Landscape
Ransomware remains the most prevalent threat, accounting for 68% of cyber incidents in manufacturing. It is followed closely by business email compromise (BEC), which has become increasingly frequent, and account takeovers that grant unauthorized access to networks and SaaS platforms. Web-based attacks, DDoS incidents affecting interconnected systems and insider threats — especially those involving intellectual property theft — further complicate the threat landscape.
The consequences of a cyberattack rarely stay confined to IT. Downtime can ripple across the supply chain, violate SLAs, prompt SEC disclosures and damage brand reputation. For example, one 2023 breach cost a manufacturer 85 million USD and halted operations for over a week.
These risks aren't theoretical. Recent events demonstrate just how disruptive these attacks can be.
Real-World Case Studies
Recent high-profile incidents underscore the growing risks manufacturers face:
- In August 2023, Clorox disclosed via an SEC filing that it had identified unauthorized activity on its IT systems, disrupting operations at multiple sites. The company filed additional reports in the following months detailing continued production delays and substantial financial losses.
- In early 2024, Varta, a global battery manufacturer, was forced to disconnect its IT systems from the internet following a cyber incident, halting production for over two weeks as it executed containment and recovery efforts.
- In August 2024, Halliburton, a global energy services and manufacturing giant, was struck by a ransomware attack attributed to the RansomHub group. The breach disrupted billing and PO processing, resulting in 35 million USD in losses and a 10% stock dip.
Industry-Specific Challenges
Manufacturers face a combination of legacy issues and emerging threats:
- IT/OT Convergence: The integration of outdated OT systems with modern IT exposes previously isolated environments to new vulnerabilities.
- Legacy Infrastructure: Aging assets lack encryption support, resist patching and often cannot accommodate modern security tools.
- Third-Party Vendors: External partners frequently present risk through excessive access privileges and weak security practices.
- Cybersecurity Talent Gaps: Recruiting and retaining professionals with both cybersecurity and manufacturing expertise remains difficult.
Given these persistent threats and vulnerabilities, manufacturers must take decisive action.
Strategic Best Practices and Evolving Expectations
To stay ahead of adversaries, manufacturers must prioritize proactive strategies and foundational defenses:
- Conduct regular risk and vulnerability assessments to uncover and remediate weaknesses before they’re exploited.
- Embrace penetration testing and application assessments to simulate real-world attacks and stress-test infrastructure.
- Enforce network segmentation and privileged access protections to minimize lateral movement and restrict access to critical assets.
- Deliver comprehensive security awareness training to help employees recognize phishing, scams and other social engineering threats.
- Improve business continuity and disaster recovery (BCDR) confidence to ensure swift recovery from disruptions.
- Strengthen OT network protections through logical segmentation, strict access controls and secured vendor interfaces.
- Address supply chain security risks by evaluating third-party cybersecurity postures, including upstream and downstream impacts.
- Maintain thorough vendor risk management with regular audits and clearly defined security requirements in contracts.
- Align with standards such as ISA/IEC 62443, GDPR and SOC 2 to maintain compliance and reduce liability. Insurers increasingly look for these controls when underwriting cyber policies, making them essential not only for protection but also for insurability.
- Incorporate continuous monitoring and threat detection tools to identify anomalies in real time and reduce attacker dwell time.
- Establish and routinely test incident response playbooks to ensure coordinated, efficient action during an actual breach.
The Role of Tabletop Exercises
Low-cost and high-return, tabletop exercises provide a safe environment to rehearse incident response. These simulations:
- Define roles and responsibilities, clarifying who leads, supports and communicates during an event.
- Validate assumptions about communication and recovery to ensure plans reflect actual capabilities.
- Expose gaps in policies and procedures, enabling preemptive fixes.
- Demonstrate organizational readiness to leadership, reinforcing the value of security investments.
Exercises should reflect realistic threats and include both technical responders and decision-makers. When conducted effectively, they set response expectations, reveal vulnerabilities and strengthen cross-functional preparedness. The exercises, processes and tools offered by the Incident Command System for Industrial Control Systems (ICS4ICS) program pool the resources of the broader industrial automation community to establish a playbook for responding to cyberattacks on automation in critical infrastructure.
Why This Matters
Cybersecurity in manufacturing is no longer a niche IT concern — it’s a core business priority. By addressing industry-specific challenges, improving readiness through testing and embedding security into everyday operations, manufacturers can reduce exposure and recover quickly from inevitable incidents.
As ransomware tactics evolve and global supply chains grow more interdependent, the manufacturers who thrive will be those who prepare not just to withstand, but to adapt and emerge stronger. The cost of inaction is too high — the path forward begins with preparation.