Until a few years ago, hackers mainly focused on sectors where sensitive data was the most valuable asset – finance, healthcare or digital services. Today, it is the manufacturing industry that is becoming one of the most desirable targets for cybercriminals. In 2025, the average manufacturing facility was exposed to 1,585 attacks per week, an increase of 30% on the previous year. Threat dynamics were highest in Europe, with countries such as the Netherlands, Spain and Turkey seeing the number of incidents grow faster than anywhere else.
This shift in the cyber attack landscape means that digital security is no longer a technology issue that can be delegated to the CIO. It is a strategic business risk that must be faced by the entire management team.
The cost of downtime – when every hour costs millions
Ransomware in manufacturing works differently than in many other industries. It is not just about stealing data or blackmailing people into making it public. Attackers know full well that a plant’s greatest asset is its business continuity. A production line shutdown, even for a few hours, can translate into losses running into millions of euros.
Worse still, the effects do not end with the financial balance sheet. Downtime caused by a cyber-attack can break the supply chain, block contracts and even slow down innovation if R&D departments are affected. For manufacturing companies, it is a blow to competitiveness, reputation and customer relationships.
Supply chain – the Achilles heel of the digital factory
One of the main reasons why the manufacturing sector has become the number one target is its extensive and complex network of partners. Factories do not operate in isolation – they rely on hundreds of suppliers, contractors and technology partners. Every such connection is a potential entry point for an attacker.
IoT and OT systems in particular are on target, often deployed quickly and without adequate security. All it takes is one unprotected device to open the door to the entire infrastructure. What’s more, criminals have started to trade stolen access data to industrial networks, lowering the barrier to entry for more ransomware groups.
The knock-on effect is particularly dangerous here. The compromise of one small supplier can disrupt not only the operations of a large factory, but also the entire industry, especially where the just-in-time model reigns supreme.
Geopolitics enters the factories
Cybercrime in the industry is no longer limited to groups focused on quick profit. State-backed actors are playing an increasingly important role. Their objectives are strategic: stealing intellectual property, sabotaging production or disrupting supply chains in the defence and energy sectors.
Examples from recent years include leaks of drone designs, high-tech vehicles or military technology. In such cases, the losses are not limited to a single company. They are a blow to entire economies and national competitiveness.
Rising geopolitical tensions – from trade disputes to regional conflicts – only reinforce this trend. Factories are becoming pawns in a global game, and boards must consider risks that go far beyond traditional business concerns.
Cyber security as a management priority
In such an environment, reactive action is not enough. Cyber resilience must be treated as part of a business strategy. What does this mean in practice?
- Integrating resilience in action – business continuity plans need to be tested and systems recovery time counted in hours, not weeks.
- Securing supply chains – companies should require partners and suppliers to meet certain security standards, rather than simply assuming ‘it’s not our problem’.
- Protecting intellectual property – monitoring and preventing data loss is becoming crucial, especially in industries vulnerable to technology theft.
- Strengthening preventive defence – instead of only acting after an incident, companies should invest in real-time threat detection and analysis.
For many companies, this will mean that the entire board – from CFO to COO – will need to be involved in cyber security processes.
From cost to competitive advantage
The most interesting change is that cyber-security is no longer considered a ‘necessary cost’. In a world of global competition and geopolitical instability, it is cyber resilience that can determine market advantage.
Companies that are able to guarantee their customers’ business continuity and the security of sensitive processes gain not only contracts, but also the loyalty of partners and a better position in international tenders. Those that neglect the subject, on the other hand, risk not only being attacked, but also losing credibility for years.
The manufacturing industry today stands at the centre of a new era of cyber threats. Complex supply chains, outdated systems and low tolerance for downtime make it an ideal target. The scale of the problem is growing, and with it the realisation that cyber security is not just the domain of IT departments, but part of business and geopolitical strategy.
In practice, this means that boards need to treat cyber resilience as a cornerstone of their competitive advantage. In an industry where reliability and speed matter, it is resilience to attacks that will become the currency of the future.
