
Factories don’t stop because of faulty robots anymore. They stop because of a cyber incident, such as ransomware. Cybersecurity in manufacturing is no longer a technology problem – it is a business risk that can halt production lines, choke supply chains and drain investor and customer trust.
In April, health technology and consumer electronics firm Masimo discovered unauthorized activity on its network that disrupted facilities and order fulfillment.
The following month, North Carolina-based steelmaker Nucor reported unauthorized access to data within the company's IT systems, temporarily limiting certain business functions and facility operations.
Jaguar Land Rover topped the headlines when it faced a five-week production shutdown after a cyberattack in August, underscoring just how high the stakes can become. If billion-dollar manufacturers can be derailed for weeks, what does that mean for small and midsize manufacturers with lean IT/OT teams? The message is clear: no factory is immune.
From compliance to resilience
Too many manufacturers still treat cybersecurity as a compliance checkbox. Meeting minimum regulatory requirements may satisfy auditors, but it won’t keep attackers out; it should be seen as a minimum baseline cybersecurity posture.
With 83% of manufacturing breaches involving phishing, system intrusion or compromised software, it is clear that the standard baseline posture is not sufficient against today’s capable cybercriminals.
Cybersecurity must be treated like any other strategic business risk. How much downtime could your factory absorb? How much intellectual property could you afford to lose? Where does your “acceptable risk” line sit?
These aren’t technical questions – they’re existential ones, and they demand leadership- and board-level discussion and buy-in. In this sense, cybersecurity is no different from quality control or occupational safety. It requires governance, culture, and resources – not just technical fixes.
Manufacturers often operate with costly operational technology designed to last for years, sometimes decades. While these systems may be past their financial depreciation, the expense and disruption of replacement often delay upgrades.
Over time, these once state-of-the-art devices become vulnerable to modern cyberattacks, expanding the organization’s attack surface. Outdated protocols, unsupported operating systems and legacy configurations introduce not just technical challenges but broader business risk.
For smaller manufacturers in particular, the critical question is when the potential financial and operational impact of a cyber incident outweighs the cost of updating or replacing aging technology.
Where are the vulnerabilities?
While Industry 4.0 discussions often focus on OT security, IT remains the most common entry point for attackers. Phishing emails, stolen credentials and compromised third-party software are the front doors cybercriminals use.
Manufacturers are particularly vulnerable because:
- Attackers know factories can’t afford downtime. Just-in-time production operations amplify the impact of a cyber incident, increasing the likelihood of payment to ransomware criminals or prolonged disruption to manufacturing.
- Supply chains extend the attack surface. Vulnerabilities in partners or suppliers can cascade into your operations, and vice versa.
- IT teams are stretched thin. SMB manufacturers rarely have the resources for 24/7 monitoring and lack the expertise for rapid response capabilities.
- Intellectual property is valuable. Designs, formulas and prototypes are lucrative targets for espionage or theft.
Building a resilient IT/OT foundation
A prevention-first IT strategy must go beyond basic defenses. It’s not enough to block attacks; manufacturers must anticipate and neutralize threats before they disrupt operations.
- Actionable threat intelligence: Real-world data on the current threat landscape, including detailed knowledge of ransomware tactics, supply chain vulnerabilities and persistent threats, allows teams to prioritize what truly matters.
- Continuous monitoring: Correlating activity across endpoints, servers and cloud applications helps spot anomalies that could indicate intrusion. The monitoring needs to extend beyond the normal IT infrastructure and, where technically possible, include operational technology. Consolidating IT and OT monitoring into a single platform enhances threat visibility and the ability to predict and prevent threats.
- Segmentation and access control: Clear system boundaries, segmentation of operational technology, strict identity management and multi-factor authentication prevent attackers from moving laterally.
- Vulnerability management: Automated patching and firmware updates on all devices and machinery close the gaps attackers can potentially exploit.
- Backup and recovery: Offline backups stored offsite and tested restoration procedures minimize downtime and ensure ransomware cannot hold production hostage.
Combining intelligence, monitoring and modern response capabilities such as Extended Detection and Response (XDR) enables lean IT teams in small and medium businesses to maintain robust defenses without building a full security operations center.
Extending IT defense with XDR
Traditional endpoint protection alone is insufficient. XDR unifies detection and response across devices, servers and cloud systems, providing a holistic view of data from a variety of disparate sources that may signal an attack is in progress.
When paired with Managed Detection and Response (MDR) services, even small IT teams gain 24/7 expert oversight, faster containment, and fewer blind spots – enabling a prevention-first posture that keeps factories and the business operational.
The business case for cyber resilience
Cyberattacks are not abstract risks; they are operational costs. IBM’s 2024 Cost of a Data Breach report found the average industrial breach costs $5.56 million, but the real damage comes from stalled production, missed contracts, and eroded customer confidence. Treating cybersecurity as a business risk protects growth, reputation, and resilience.
Leadership teams and boards should evaluate the replacement of outdated technology not just as a technical upgrade, but as a strategic move to lower the business impact of potential cyber incidents. As the costs of cyberattacks continue to rise, organizations benefit from adopting a holistic perspective that links cybersecurity directly to operational continuity and financial resilience.
In manufacturing, cybersecurity teams must move beyond a narrow focus on reducing cyber risk alone and prioritize actions that minimize the potential disruption and economic consequences for the business. Cyber resilience does not mean eliminating risk entirely. It means defining a clear threshold for acceptable risk and building IT defenses strong enough to keep operations running under pressure.
In Industry 4.0, the smartest factories won’t just be the most automated – they will need to be the most cyber-resilient.
Tony Anscombe is the Chief Security Evangelist for ESET. With over 25 years of security industry experience, Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and Internet safety. His speaking portfolio includes industry conferences RSA, Black Hat, VB, CTIA, MEF, Sector and the Gartner Risk and Security Summit.















