Cybersecurity in manufacturing businesses is unique.
The sector faces several challenges that other industries don’t have to contend with. And the impacts of any disruption are unusually high.
What is more, manufacturers are increasingly finding themselves in the crosshairs of cybercriminals.
In 2024, there was a 71% increase in attacks targeting the sector.
In this comprehensive guide, you will learn about:
- The unique cyber threats facing manufacturers
- Common targets for criminals
- The growing risks that manufacturers are facing
- The consequences of breaches
- Strategies for boosting cybersecurity in manufacturing
Manufacturers have unique cybersecurity challenges
“Our manufacturing clients use old or specific custom software that has little or no support. Client software requires a local admin to run and lacks any security itself” – A managed service provider describes issues facing their manufacturing clients in our recent survey.
At Heimdal, we work with numerous manufacturers around the world to keep their operations secure against cyber threats. The sector faces several unique challenges – and these make cybersecurity in manufacturing especially complex.
- Industrial control systems (ICS): Many large manufacturers rely on ICS such as SCADA, PLC controllers and HMIs. These operational technology solutions are often decades old, and were often designed in the pre-internet era. They have limited in-built security, and are therefore a very attractive target for hackers.
- Increased connections due to Industry 4.0: The emergence of connected factories and production lines is beneficial for productivity. But connected systems immediately open up avenues for criminals to attack factories’ systems. Unfortunately, many manufacturers have relatively lax security around their Industry 4.0 and
- Supply chain risks: Manufacturers are especially vulnerable to supply chain attacks. If criminals can insert malicious code into a supply chain partner’s products, then this can give them an entry point into your products and facilities too. Manufacturers are also vulnerable to the effects of breaches in the supply chain. If one of your suppliers’ systems gets hacked, this could freeze their production lines, and have knock-on effects in your plants.
- External communication: The manufacturing sector communicates extensively with hundreds, or even thousands, of suppliers and customers – often internationally. This increases the risk of things like phishing emails getting through.
- Multinational nature of the business: Many manufacturers operate facilities around the world. Different countries and regions have varying security standards, regulations, cultures and ways of working. This can make it very hard to impose a consistent security culture. This is made even more complex through acquisitions.
- The complexity of manufacturing IT: Unlike many other industries, manufacturing organizations have especially complex IT systems. The complexity of these systems means there are more gaps that hackers can exploit:
  - Operational technology: SCADA and similar ICS systems that manage actual plants, processes and production lines.
  - IoT: A growing number of internet-connected sensors (to monitor vibrations, listen for noises, count products or inspect output quality) are used inside plants and on production lines.
  - Warehouses: Various kinds of warehouse and stock management systems will be in use.
  - Logistics: Systems that plan deliveries, track shipments and similar are often cloud-based and are provided by a range of software publishers.
  - Backend systems: Most manufacturing organizations use hybrid or cloud-based systems for HR, accounting, sales and marketing.
  - R&D: Connected devices may be used for various kinds of lab testing or product design.
  - Field staff: Employees may be sent out to inspect, repair or tune products once they’ve been delivered to customers. Employees may use various kinds of handheld devices, tablets or smartphones to do this – all of which could be targeted.
- Physical access to facilities: While some factories are state of the art, many have surprisingly basic physical barriers to access. Motivated actors can sometimes enter facilities through unmonitored warehouse gates, loading bays, or even just by walking through the front door. They can then try to steal devices or install software physically.
“With our incumbent solution, time and resources were always under pressure. Our administration overheads were high as the teams had to manually manage the updates and configurations for the third party and Windows software” – Einar Dagfinnur Klemensson, Cloud and Infrastructure Architect at orthopaedic manufacturer Össur.
Why is the manufacturing sector a target for cyber threat actors?
While the data that manufacturers hold isn’t usually as sensitive as that of more traditional targets like banks, it is still attractive to hackers.
- Likely to pay ransoms: Every hour your production lines aren’t running will cost tens of thousands of dollars – and hackers know this. If they can enter your systems and lock you out of your ICS, they know that you’re likely to pay a ransom.
- Corporate espionage: Most manufacturers hold troves of intellectual property and sensitive data that hackers know your competitors – or even certain nation states – will be willing to pay for.
- Hacktivism: Any manufacturer that is seen as ‘bad’ by hacktivist groups is potentially at risk of being targeted.
- Softer target: While banks, healthcare providers and retailers have improved their security against cyber threats in recent years, manufacturers are seen as a softer target by criminals.
Growing risks around cybersecurity in manufacturing companies
Since 2020, manufacturing companies have increasingly found themselves being targeted by cybercriminals.
In 2021, there was a 300% increase in cyberattacks against manufacturing companies. The previous year, the sector had received about 7% of all cyberattacks, but it accounted for 22% in 2021. Since then, the upward trend has only continued.
As mentioned above, there was a 71% increase in attacks against manufacturers in 2024, and other surveys found that 65% of manufacturers faced some sort of ransomware attack that year. And in 2025, there was a 46% increase in ransomware attacks against manufacturers in Q1 alone.
Worryingly, research shows that manufacturing is now the most targeted of all sectors, receiving more than a quarter of attacks against businesses (more than finance, professional services, energy or retail, for instance).
Notable recent cyber attacks against manufacturers
Countless manufacturing companies around the world have been affected by cyber crime. Here are some of the more notable recent security incidents:
- Nucor Corp: The biggest steelmaker in North America was hit by a security breach in May 2025 that forced it to halt production at multiple plants.
- Arla Foods: In May 2025, one of food manufacturer Arla’s plants in Germany had to stop production following a breach.
- Yanfeng: In 2024, the Chinese vehicle component manufacturer had to pause production after a cyberattack. This delay meant Yanfeng’s customer Stellantis demanded a $26 million fee for breach of contract.
- Clorox: In 2023, a cyberattack against US consumer products company Clorox caused huge production delays and cost the firm hundreds of millions of dollars.
- Toyota: In 2022, car giant Toyota was forced to stop production at all of its Japanese plants due to a suspected cyber incident.
Consequences of cybersecurity breaches in manufacturing
“The thought that when you wake up tomorrow and hear the name of your own company in the press, that it has succumbed to an IT security problem that you did not have under control, or worse, did not recognise, would give me sleepless nights” – Thomas Zeulner, CISO at Swiss manufacturer TDK Electronics AG, explaining his biggest fears in an interview.
The effects of cyber breaches on manufacturing companies can be especially severe. Here’s why:
- Costs of production disruption: Any delay to output immediately hits a factory’s bottom line. Unlike service businesses, where a delay in productivity is less tangible, the costs of a disruption to manufacturers start skyrocketing the moment a breach occurs.
- Contractual obligations: If you are supplying other companies with parts or components, any delays could put you in breach of contract. This can result in fines and litigation for delayed delivery.
- Reputational damage: A cyber breach – especially if it could have been avoided – can be very damaging to a manufacturer’s reputation.
- Ransom costs: If you agree to pay a ransom, this can often amount to several million dollars, depending on the size and prominence of your business.
- Stolen IP: If your intellectual property and sensitive data are stolen by competitors or state actors, this can undercut your competitive advantage.
- Damage to machinery: Cyber attacks that target specific pieces of equipment can cause significant physical damage to machinery. Whether it’s overheating, jamming, or cutting power at a critical stage of a process, these attacks can have ‘real world’ consequences. Replacing or repairing machinery can be very expensive and time consuming.
How to improve cybersecurity in the manufacturing industry
As we have learned through our long experience of enhancing cybersecurity for manufacturing companies like Davidsens, Ken Hygiene Systems and Össur (among many others), there isn’t a ‘one size fits all’ approach.
Your specific needs and security tools will depend on your size, the number of plants you run, the geographies you serve, the type of manufacturing you do, and the sorts of contractual relationships you have.
However, the following tips for improving cybersecurity will apply to most manufacturers.
- Audit technology then map security: It’s crucial to carry out a complete audit of your current IT and OT systems. Compile a comprehensive list of the software, hardware and devices you’re using across the factory floor, in your back offices, your warehouses and beyond the factory gates. Then, you need to map out your existing protections for all those systems against common cyber threats.
- Harden your perimeter: Almost all manufacturers today use firewalls, but we’d strongly recommend hardening your external defences against cyber threats with up-to-date security tools. Network security, next-gen antivirus and anti-ransomware solutions can all make it more difficult for hackers to get in and reduce the size of your attack surface. It’s also important to think about physical security around your plants – are there gaps in fences, open backdoors or lax security at loading bays?
- Patch your systems: All software you use should be updated as soon as patches are released.
- Adopt internal controls: If hackers find ways to bypass your initial defences, then effective internal controls can help. Multi-factor authentication means people need to provide two or more pieces of ‘evidence’ that they are who they claim before they can access files or make changes.
- Audit your vendors: If your supply chain partners have poor security, this increases the risk of their production lines being disrupted. Even more worryingly, if they produce any kind of components containing code that goes into your products, it could potentially be infected – which will affect you too. It’s therefore critical to audit your suppliers’ security for cyber threats.
- Encryption: Your data should be encrypted. So, even if a hacker steals it, they can’t do anything with it.
- Education and training: Weak passwords are still a common cause of breaches – staff need to be trained to regularly update passwords, including on older ICS systems. Staff also need to be trained to spot cyber risks such as phishing attacks.
- Create a cyber response plan: Even with the best security in the world, it is still possible for determined actors to break into your systems. A cyber response plan will mean you know what to do, should the worst happen.
- Backups: You should regularly back up all your company’s intellectual property, R&D critical data, financial accounts, customer information, contracts and HR records. This can mitigate cyber risks.
- Advanced security for remote users: If you have field staff, sales people or delivery drivers who need to connect to your systems remotely, it’s essential to use additional layers of protection. Security controls like MFA should be mandatory, remote users need to be given extra training on security (e.g. avoid connecting to company systems on public WiFi), and you should be using threat intelligence capabilities.
- Consider certification: There are several kinds of cybersecurity certification that are relevant to the manufacturing industry in different parts of the world. These include ISO 27001, IEC 62443 or NIS2 and CRA (in the EU).
- Honeypots: A honeypot is a ‘bait’ designed to attract hackers who might have entered your systems – it contains dummy files of false financial information, corporate strategy or IP. When a hacker enters the honeypot, this alerts you to the breach so you can investigate with your security tools and close it down.
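To illustrate the alerting side of the honeypot tip above, here is an added example (not Heimdal's code or product behaviour) that scans file-access audit records and raises one alert per user and host that touched a decoy file. The log format, decoy file names, users and hosts are all constructed assumptions.

```python
import posixpath
from collections import defaultdict

# Decoy files planted for this example (constructed names no real workflow uses).
DECOYS = {
    "//fs01/finance/2025_budget_forecast.xlsx",
    "//fs01/rnd/new_alloy_formula.docx",
}

# Constructed audit records in an assumed format:
# "<ISO timestamp> <user> <source host> <action> <path>"
SAMPLE_LOG = r"""
2025-06-02T08:14:09Z j.smith WS-114 READ \\fs01\Finance\invoices\may.pdf
2025-06-02T23:41:52Z svc_backup HMI-07 READ \\FS01\Finance\2025_Budget_Forecast.xlsx
2025-06-02T23:42:10Z svc_backup HMI-07 READ \\fs01\RnD\drafts\..\new_alloy_formula.docx
2025-06-02T23:42:11Z svc_backup HMI-07
2025-06-03T07:02:30Z a.jones WS-201 LIST \\fs01\RnD\drafts
"""

def normalise(path):
    """Fold case, separators and '..' so trivially varied paths still match."""
    return posixpath.normpath(path.replace("\\", "/").lower())

def decoy_alerts(log_text, decoys=DECOYS):
    """Return (alerts, malformed): one alert per (user, host) that touched a decoy."""
    hits, malformed = defaultdict(list), 0
    for line in log_text.strip().splitlines():
        parts = line.split(maxsplit=4)      # the path may itself contain spaces
        if len(parts) != 5:
            malformed += 1                  # count unparseable records, don't hide them
            continue
        ts, user, host, _action, path = parts
        if normalise(path) in decoys:       # any action on a decoy is suspicious
            hits[(user, host)].append((ts, normalise(path)))
    alerts = [
        {"user": u, "host": h,
         "first_seen": min(t for t, _ in events),
         "decoys": sorted({p for _, p in events})}
        for (u, h), events in sorted(hits.items())
    ]
    return alerts, malformed

if __name__ == "__main__":
    found, bad = decoy_alerts(SAMPLE_LOG)
    for alert in found:
        print("ALERT", alert)
    print("unparseable records:", bad)
```

Because legitimate users have no reason to open the decoys, a single hit is worth investigating, which keeps the false-positive rate low compared with thresholds on normal file activity.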
Time to improve cybersecurity in the manufacturing industry
With numerous reports showing that the manufacturing sector is now the most common target of cyber attacks, it’s clear that the sector needs to improve its approach.
In this guide, we’ve highlighted the key challenges for cybersecurity in manufacturing, risks facing the sector, and consequences of a breach. We’ve also explored some of the key strategies, policies and methods you can use to reduce your attack surface.