Introduction
The global surge in cyber attacks on manufacturing firms highlights the increasing vulnerability of these industries as they integrate advanced technologies. This trend is particularly evident with the adoption of cloud computing, artificial intelligence (AI) [9], and the Internet of Things (IoT) as part of Industry 4.0 initiatives. The convergence of Information Technology (IT) and Operational Technology (OT) systems [1] [4] [7] [10], while enhancing operational capabilities, also expands the potential attack surface for cyber threats [2] [4] [5] [7] [9] [10].
Description
Cyber attacks on manufacturing firms have surged globally [3], with a recent study revealing that 80% of these companies experienced a significant increase in cybersecurity incidents over the past year. This rise in risk is particularly pronounced as manufacturers adopt advanced technologies such as cloud computing, artificial intelligence (AI) [9], and the Internet of Things (IoT) as part of their digital transformation initiatives [9], commonly referred to as Industry 4.0. The convergence of Information Technology (IT) and Operational Technology (OT) systems enhances operational scale [1] [4] [7] [10], resilience [3] [4] [5] [6] [9] [10], and efficiency but also expands the attack surface for cyber threats [2] [4] [5] [6] [7] [9] [10], making critical industries attractive targets for exploitation [4] [7] [10], including ransomware [3] [4] [7] [9] [10]. Approximately 75% of cyber incidents affecting manufacturing firms targeted these converged IT and OT systems, with 31% of incidents resulting in financial losses or operational downtime [6]. Companies affected by cyber incidents reported costs ranging from $200,000 to $2 million [5] [10] [11], particularly when enterprise systems or production control were impacted [3] [4] [7] [9] [10] [11].
It is projected that 70% of OT systems in companies across the US, Latin America [2] [6] [10], and Europe will connect to corporate IT networks within the next year [2] [6], up from 50%. However, only 45% of surveyed firms are adequately prepared for these cybersecurity challenges [3], and just 19% are considered ‘advanced’ in securing their IT/OT environments according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework [2] [6]. The study highlights a fragmented approach to security responsibility within manufacturing businesses [1] [3] [4] [9] [10] [11], with only 20% identifying Chief Information Security Officers (CISOs) as responsible for securing IT/OT environments, followed by Chief Risk Officers (14%) and Chief Technology Officers (13%) [6]. This lack of clarity can hinder effective risk management and underscores the necessity for firms to establish integrated security responsibilities and foster a security-focused culture.
Geraldine Kor [2] [3] [9] [11], Telstra International’s Head of Global Enterprise Business [2], emphasized the importance of greater connectivity between IT and OT for manufacturing innovation while acknowledging the heightened risks of breaches [9] [11]. She urged manufacturers to prioritize security across six core areas: collaboration and planning [4] [5] [7] [9], strategy definition [1] [4] [5] [7] [9] [10] [11], technical expertise enhancement [5] [11], responsibility assignment [1] [2] [3] [4] [5] [7] [9] [10] [11], tool utilization [1] [4] [5] [7] [9] [10] [11], and adherence to standards. The report also notes that traditional air gapping is no longer sufficient for protecting OT systems, as the IT-OT convergence expands the threat landscape [10] [11]. Ganesh Narayanan [9] [11], Global Head of Cyber Security at Telstra International [9], reinforces this point, advocating for a cohesive security strategy that clearly defines roles and responsibilities to enhance readiness against cyber risks.
Cyber-to-physical security attacks constituted a significant portion of incidents, predominantly occurring at higher levels of the IT/OT stack [5], with advanced persistent threats (APT) [5] [10], malware [5] [10], and distributed denial of service (DDoS) being the most common attack types [5]. The study identifies critical attack vectors and offers insights for executives overseeing IT and OT [1] [4] [7] [8], emphasizing that enhanced connectivity between these systems is essential for both new and existing manufacturing operations. Adam Etherington [9] [11], Senior Principal Analyst at Omdia [9], notes that pervasive connectivity between IT and OT is crucial for driving innovation [9], availability [1] [3] [4] [5] [6] [8] [9] [10], safety [1] [4] [8] [9], and security [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11].
Overall, many firms face costly outages and security incidents as traditional security measures struggle to keep pace with evolving threats [1] [4] [8] [9]. Understanding the causes of these incidents is crucial for proactive remediation [1] [4] [8], especially given the significant downtime costs associated with operational disruptions [8]. Organizations are encouraged to seek external assistance to address the challenges of finding skilled personnel who understand both IT and OT security. Nearly 90% of respondents acknowledged the importance of connecting IT with OT for positive business outcomes [5], with Industry 4.0 being a key driver of this convergence [5]. Additionally, 42% of firms are planning to outsource IT/OT security, a figure that rises to 51% in the USA [8], highlighting the urgent need for improved security measures in the manufacturing sector.
Conclusion
The increasing integration of IT and OT systems in manufacturing firms presents both opportunities and challenges. While it drives innovation and operational efficiency, it also exposes these firms to heightened cybersecurity risks. To mitigate these risks, companies must adopt comprehensive security strategies that include clear role definitions, enhanced technical expertise, and adherence to established standards. As the threat landscape evolves, the importance of proactive risk management and external collaboration becomes paramount. The future of manufacturing will depend on the ability to balance technological advancement with robust cybersecurity measures.
References
[1] https://www.automation.com/en-us/articles/february-2025/cyber-attacks-manufacturers-up-globally
[2] https://www.infosecurity-magazine.com/news/itot-fuels-manufacturing-cyber/
[3] https://www.manufacturingmanagement.co.uk/content/news/cyber-attacks-on-manufacturers-increase-globally
[4] https://www.prnewswire.com/news-releases/cyber-attacks-on-manufacturers-up-globally-but-less-than-half-prepared-in-security-302382922.html
[5] https://www.itpro.com/security/cyber-attacks/manufacturing-firms-are-struggling-to-handle-rising-ot-security-threats
[6] https://osintcorp.net/it-ot-convergence-fuels-manufacturing-cyber-incidents/
[7] https://cioinfluence.com/security/cyber-attacks-on-manufacturers-up-globally-but-less-than-half-prepared-in-security/
[8] https://betanews.com/2025/02/24/attacks-on-manufacturing-up-but-less-than-half-businesses-are-prepared/
[9] https://templeqms.com/blog/manufacturing-is-experiencing-an-increase-in-cyberattacks
[10] https://laotiantimes.com/2025/02/24/cyber-attacks-on-manufacturers-up-globally-but-less-than-half-prepared-in-security/
[11] https://www.intelligentciso.com/2025/02/24/cyber-attacks-on-manufacturers-up-globally-but-less-than-half-prepared-in-security/
