Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.

According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.

Apparently, the data being stored in industrial control systems is data worth stealing. Plus, the disruption due to even a single hour of downtime makes manufacturing a juicy target for cyber criminals.

What type of cyberattacks impact the industrial sector? And what can manufacturers do to protect themselves from these threats? Let’s find out.

The impact of cyberattacks on manufacturing

According to the 2024 IBM Cost of a Data Breach report, data breaches cost industrial organizations 13% more than the $4.88 million global average. Furthermore, the sector experienced the costliest increase of any industry, rising by an average of $830,000 per breach over last year. This cost spike could reflect the reality that manufacturers are highly sensitive to operational downtime. For example, the average car maker loses $22,000 per minute when the production line stops.

Unfortunately, the pain doesn’t end there. The time to identify and contain a data breach at industrial organizations was above the industry median, at 199 days to identify and 73 days to contain. These alarming trends underscore the vulnerability of the sector and the financial toll cyberattacks can take on manufacturers.

One of the most prevalent forms of cyberattacks in the manufacturing industry is ransomware. Ransomware attacks on industrial control systems doubled in 2022 alone. When manufacturing operations are disrupted, the financial and reputational damage can be severe. Supply chains can be thrown into chaos, leading to production delays and lost revenue.

Another major concern is intellectual property theft. Cyber criminals, including nation-state threat actors, often target proprietary designs and trade secrets to gain economic or strategic advantages. This type of cyber espionage can be difficult to detect, as attackers may infiltrate networks and exfiltrate data over long periods without being noticed.

Supply chain attacks are also a major concern. In these attacks, cyber criminals target vulnerable third-party suppliers or partners to gain access to a manufacturer’s systems. Since manufacturers often rely on a complex web of suppliers, a breach at one supplier can have a cascading effect across the entire production line. This interconnectedness makes the industry particularly susceptible to large-scale attacks.

The increasing interconnectedness of manufacturing systems due to digitalization has greatly expanded the attack surface. IoT devices and connected systems allow for real-time monitoring and control, but they also introduce vulnerabilities if not properly secured. This blurring of the lines between IT and OT makes it easier for attackers to infiltrate systems and cause widespread disruption.


What manufacturers can do to prevent cyberattacks

Given the scale and complexity of cyber threats facing the manufacturing sector, it’s imperative that manufacturers take proactive steps to protect their systems and data. Here are some key measures manufacturers should implement to bolster their cybersecurity posture:

1. Implement stringent security policies

Manufacturers must establish strong cybersecurity frameworks that govern all aspects of their operations. This includes enforcing strict access controls, conducting regular security audits and implementing robust incident response plans. One of the most critical components of any cybersecurity policy is employee training. Many breaches occur due to human error, such as falling for phishing schemes or mishandling sensitive data. Continuous training ensures that employees are aware of the latest threats and know how to recognize and prevent them.

2. Regularly update IoT devices and firmware

IoT devices are often a weak point in manufacturing systems, as they may not come equipped with robust security features out of the box. Regularly updating the firmware of these devices and ensuring they are properly configured can mitigate the risk of exploitation. Manufacturers should also integrate IoT devices securely into their broader network infrastructure and ensure they are monitored continuously for any signs of compromise.

3. Segment and air-gap networks

One of the most effective ways to limit the spread of an attack is to segment IT and OT networks. By creating barriers between different systems, manufacturers can prevent attackers from moving laterally through their networks if one part is breached. In highly sensitive environments, air-gapping — isolating critical systems from external networks entirely — can provide an additional layer of protection. This ensures that even if an IT system is compromised, operational technology systems remain unaffected.

4. Invest in advanced threat detection

Real-time threat monitoring tools, such as Security Information and Event Management (SIEM) systems, are essential for detecting and responding to cyber threats. These tools provide real-time visibility into network activity and can automatically flag suspicious behavior for investigation. Manufacturers should also employ proactive threat hunting to identify potential vulnerabilities before they are exploited.

5. Backup and disaster recovery planning

Having secure backups is essential for mitigating the damage caused by ransomware attacks. By maintaining regular off-site backups and testing disaster recovery plans, manufacturers can recover quickly from an attack without paying a ransom. These backups should be encrypted and stored in a way that ensures they cannot be accessed or tampered with by attackers.
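The segmentation and detection measures above (items 3 and 4) can be combined into a simple monitoring check: flag any network flow that crosses between IT and OT zones outside an approved conduit. The following is an added example, not code from the original article; the zone address ranges, allowed ports, log format and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed zone layout (hypothetical addressing, not from the article).
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT":  ipaddress.ip_network("10.30.0.0/16"),
}

# Allowed cross-zone conduits: (src_zone, dst_zone) -> permitted destination ports.
ALLOWED = {
    ("IT", "DMZ"): {443, 3389},   # IT users reach the jump host in the DMZ
    ("DMZ", "OT"): {502, 44818},  # jump host reaches PLCs (Modbus/TCP, EtherNet/IP)
    ("OT", "DMZ"): {443},         # OT pushes data to a DMZ historian
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "EXTERNAL"  # anything outside the known zones

def segmentation_violations(lines):
    """Return flows ('timestamp src dst dport') that cross zones outside ALLOWED."""
    findings = []
    for line in lines:
        ts, src, dst, dport = line.split()
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz:
            continue  # intra-zone traffic is out of scope for this check
        if int(dport) not in ALLOWED.get((sz, dz), set()):
            findings.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                             "path": f"{sz}->{dz}", "severity": "high" if "OT" in (sz, dz) else "medium"})
    return findings

# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    "2024-11-05T08:00:01Z 10.10.4.17 10.20.0.5 443",     # IT -> DMZ, allowed
    "2024-11-05T08:00:09Z 10.20.0.5 10.30.1.20 502",     # DMZ -> OT, allowed
    "2024-11-05T08:02:44Z 10.10.4.17 10.30.1.20 502",    # IT host talks directly to a PLC
    "2024-11-05T08:03:10Z 10.30.1.20 203.0.113.50 443",  # OT device reaches an external address
    "2024-11-05T08:04:00Z 10.10.4.17 10.10.9.2 445",     # intra-IT, ignored
]

if __name__ == "__main__":
    for finding in segmentation_violations(SAMPLE_FLOWS):
        print(finding)
```

In a truly air-gapped environment the `ALLOWED` table would contain no entries touching the OT zone, so any flow into or out of it would be reported.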

Industrial cybersecurity case study

In early 2020, ANDRITZ, a leading industrial plant provider, began seeing a rise in cybersecurity incidents. Its IT environment included many systems and security policies that complicated security efforts. The company’s massive attack surface area included over 280 sites worldwide and thousands of employees using the company’s network remotely. A host of third-party contractors and engineers also had access to key IT systems.

For security information and event management (SIEM), ANDRITZ chose IBM Security QRadar on Cloud technology deployed as SaaS. The platform helps ANDRITZ’s security operations center (SOC) focus on detecting and remediating threats while IBM Security professionals provide 24/7 infrastructure management. SIEM can ingest data and log events from multiple sources across the network. By applying advanced analytics and correlations across data types — network, endpoint, asset, vulnerability, threat data and more — the SOC gains a holistic view of security.

In less than six months after engaging with IBM Security and deploying an integrated set of Managed Security Services (MSS), ANDRITZ had a new, comprehensive security services solution.

Leverage new opportunities, mitigate new risks

The manufacturing industry’s increasing reliance on digital technologies has brought tremendous benefits, but it has also created new vulnerabilities that cyber criminals are eager to exploit. As cyberattacks in the sector become more frequent and sophisticated, manufacturers must adopt a comprehensive approach to cybersecurity.
