The Current Manufacturing Cyber Risk Landscape
Why Is Manufacturing Cyber Risk So Important?
In 2024, manufacturing accounted for nearly 18% of Germany’s total economic output, above the global average. Factories, machinery, and industrial production remain pillars of German economic prosperity, even amid recent contractions. Value in manufacturing is generated in environments where uptime, safety, and precision often matter more than agility or speed of change.
At the same time, manufacturing operations are becoming more connected, integrating enterprise IT systems, remote access, and third-party services into production environments that were never designed with connectivity in mind. This combination creates a distinct cyber risk profile. Here’s an overview of the current manufacturing cyber risk landscape.
Manufacturing cyber risk is structurally different
According to the 2025 SANS ICS/OT Cybersecurity Survey, over one in five manufacturers (22%) in sectors like automotive, heavy machinery, and chemicals reported a cybersecurity incident in the past year. Of those, 40% caused operational disruption. But what are the intricacies of manufacturing that make it such a prime and unique target for cyberattacks?

1. Uptime > Confidentiality: Risk Defined by Production Continuity
In traditional IT, the security triad gets framed as confidentiality, integrity, and availability, with confidentiality (e.g., data privacy) frequently driving prioritization. In manufacturing OT environments, the priority is availability and physical process integrity. This means keeping machines running, lines producing, and systems safe.
This prioritization creates a distinct cyber risk profile in manufacturing because it constrains the set of acceptable security actions. Controls that introduce latency, require frequent updates, or depend on regular restarts often get deferred or excluded altogether. Patch cycles slow, compensating controls replace direct remediation, and known vulnerabilities may persist when operational risks outweigh perceived cyber threats.
2. Legacy OT Systems Were Never Designed for Connectivity
Manufacturing OT comprises an ecosystem of specialized control systems that often date back decades:
- Programmable Logic Controllers (PLCs) controlling discrete actions on the shop floor.
- Distributed Control Systems (DCS) orchestrating continuous process plants.
- Supervisory Control and Data Acquisition (SCADA) systems aggregating and visualizing field data.

These systems were engineered for reliability and determinism, rather than cybersecurity. The industry didn’t anticipate a future where these controllers, protocols, and workstations would be reachable from enterprise networks or vendor remote access tools. Unlike modern IT apps that assume patch cycles and secure defaults, these OT systems lack intrinsic security features like authentication or encryption and are often brittle to changes.
As a result:
- They are highly exposed when connected, because legacy protocols (e.g., Modbus, Profibus) offer little resistance to interception or manipulation.
- They lack built-in mechanisms for modern security controls (e.g., secure boot or encrypted sessions), so protecting them requires compensating measures rather than straightforward updates.
3. Asset Lifecycles Span Decades
In enterprise IT, hardware and software refresh every three to five years, so security patches and platform upgrades are routine and expected. In contrast, OT assets are designed for long lifecycles, often 10, 15, or even 30+ years. This is because they control physical machinery, are expensive to certify, and risk intolerable downtime if modified.

That long life creates distinct cyber risk dynamics:
- Unpatchable or hard-to-patch assets remain in service with known vulnerabilities that live for years.
- Vendor dependencies and certification requirements often delay or constrain updates, since each change must be validated for safety and compliance.
- Diverse generations of hardware and software coexist, creating heterogeneous environments where visibility and standardization are inherently weaker.
- Modern defensive tooling doesn’t always integrate cleanly with legacy control hardware, meaning organizations can’t simply bolt on protections as they would in IT.
4. Engineering-Led Culture Prioritizes Stability Over Change
Manufacturing OT teams are engineers first. Their mandate is to keep processes stable, predictable, and safe. Introducing changes, whether that’s patching a controller, rebooting a DCS node, or modifying a trusted remote link, carries risk. A misstep could cause unplanned downtime, quality defects, or safety incidents.

This culture manifests in specific security behaviors:
- Reluctance to apply patches unless fully validated.
- Preference for “air-gapping” and static segmentation rather than dynamic controls that could interrupt operations.
- Decisions based on operational risk trade-offs.
This isn’t neglect; it reflects how risk prioritization is viewed through an operational lens.
Dominant Threat Scenarios in Manufacturing
Threat actors targeting manufacturing rely on a focused group of effective attacks that exploit the unique cyber risk profile of these environments.
- Ransomware With Production Impact
In manufacturing environments, ransomware doesn’t need to directly manipulate industrial control logic to be effective. Instead, it targets systems that production depends on indirectly, such as engineering workstations, supervisory systems (SCADA/HMI), historians, or manufacturing execution systems (MES).
What makes ransomware particularly effective in manufacturing is the tight coupling between digital systems and physical operations. Production processes are often designed on the assumption that these digital systems are continuously available to monitor state, validate quality, and support safe operation. As a result, even limited disruption can force precautionary shutdowns or prevent controlled restarts.

- Lateral Movement From IT Into OT
Lateral movement from IT environments into OT networks reflects the reality that modern plants are no longer isolated. Enterprise systems, reporting platforms, and remote management tools are routinely connected to production environments.
This connectivity supports production efficiency, for example by feeding MES data from the shop floor or allowing engineers to manage systems remotely. These connections often create trusted pathways that attackers can exploit once initial access is obtained in IT. Crucially, attackers do not need to fully understand OT protocols to exploit this scenario. Their objective is often to reach systems that bridge environments, such as engineering workstations or supervisory servers, where access provides leverage without requiring direct manipulation of control logic.
- Supply-Chain-Driven Compromise
Manufacturing environments are deeply interconnected with external suppliers, integrators, and service providers. These third parties frequently require persistent or recurring access to production systems for maintenance, updates, and troubleshooting.

Supply-chain-driven compromise becomes dominant when:
- Access credentials or tooling are reused across customers
- Remote access paths are shared or poorly segmented
- Security controls vary significantly between organizations
In these cases, attackers may gain indirect access to manufacturing environments by compromising the connective tissue between organizations, rather than the manufacturer itself. This scenario is particularly challenging to manage because it extends beyond organizational boundaries.
The Impact of Cyber Incidents in Manufacturing
So, what happens when cyber threat actors breach manufacturing environments? Key impact dimensions to think about include:
Operational and Financial Disruption
The most immediate impact is often lost production time. Unplanned stoppages, precautionary shutdowns, and delayed restarts can halt operations for days or weeks, with financial losses driven not only by missed output but by overtime, rescheduling, and contractual penalties across tightly coordinated supply chains.

Unlike many service-based industries, manufacturing losses compound quickly because idle capacity can’t be easily recovered once a production window is missed.
Reputational Damage and Regulatory Exposure
Manufacturing incidents increasingly attract attention from customers, partners, and regulators, particularly where safety, supply continuity, or critical infrastructure obligations are involved. Disruption at a single plant can affect downstream customers and suppliers, triggering audits, contract reviews, or increased scrutiny under frameworks and sector-specific safety regulations.
Quality, Safety, and Process Integrity Risks
Beyond downtime, cyber incidents can undermine confidence in process integrity. Loss of visibility into control systems, historian data, or quality metrics can force conservative operational decisions, such as scrapping batches, delaying shipments, or revalidating equipment. In tightly regulated or safety-critical environments, this uncertainty alone can justify prolonged shutdowns, even if no direct manipulation of control logic has occurred.
Regulatory Pressure: The EU Cyber Resilience Act (CRA)
Alongside operational and commercial pressures, manufacturers operating in the EU are facing a shift in regulatory expectations under the Cyber Resilience Act (CRA). This regulation reflects a growing recognition that cybersecurity failures in manufacturing and industrial products have become persistent, repeatable, and economically material.
The CRA applies broadly to organizations that manufacture, import, or distribute products with digital elements in the EU. This includes industrial equipment, control components, embedded software, and connected machinery. The regulation applies from December 2027.

Unlike traditional cybersecurity regulation that focuses on organizational controls, the CRA places emphasis on product-level security, requiring manufacturers to embed cybersecurity considerations into design, development, and lifecycle management. This includes a set of 13 baseline cybersecurity requirements covering areas such as secure development practices, vulnerability handling, access control, and resilience against known classes of attack.
Bringing Manufacturing Cyber Risk Into Focus
The manufacturing cyber risk landscape is shaped by how systems are connected, how access is granted, and how engineering decisions made years ago continue to shape exposure today.
As regulatory expectations such as the Cyber Resilience Act shift accountability toward product design and lifecycle security, manufacturers are being asked to confront questions that sit uncomfortably between disciplines: where trust is assumed rather than validated, where continuity has quietly overridden resilience, and where security depends on undocumented dependencies rather than deliberate design.

Addressing these questions often benefits from perspectives beyond any single team or function. Independent assessment and engineering-led security validation can help organizations surface real attack paths, challenge long-held assumptions, and prioritize remediation without disrupting production.
At DIESEC, we help manufacturers strengthen resilience without sacrificing operational continuity, bridging security engineering with production reliability.

