Old school technology and approaches create huge cyber risk
Many manufacturers still operate with antiquated operational technology (OT) systems that lack modern security features. These legacy systems, while often assumed to be isolated from IT networks, create a false sense of security – what some experts call "cyber security through obscurity." In practice, remote maintenance access, ad-hoc integrations added over time, IT/OT convergence and undocumented legal pathways frequently undermine this isolation, leaving OT environments exposed despite appearing disconnected.
“The assumption that disconnection equals protection is dangerously flawed. It reduces resilience and leaves manufacturers ill-prepared when breaches do occur. Just because a piece of technology is disconnected or well isolated does not mean it is adequately secured.”
Even on the IT side, aged systems are prevalent. Manufacturing organisations have historically prioritised investment in production capabilities over technology infrastructure, viewing cyber security spending as a sometimes necessary cost rather than a strategic investment. Many achieve the minimum standards required for compliance but invest "not a cent more," seeing little return on security expenditure beyond reduced compliance risk.
Workforce cyber education remains a weak point in the sector as well. A large share of successful cyberattacks originate with social engineering, especially phishing emails. Additionally, not only is manufacturing’s workforce less technologically adept than in other sectors, but physical manufacturing sites are so removed from IT operations that cyber education is often minimal or even completely omitted. This makes manufacturers easy targets for opportunistic cyber criminals; sophisticated attack methods are unnecessary when a simple email will do. However, sentiment may be changing, as 39% of executives believe that cyber security and risk management are the investments they are most confident will give them the best return on investment in 2026.
Manufacturing supply chains often span thousands of suppliers across multiple geographies, making them less agile and responsive than more digital or more local supply chains.
“Supply chains are very hard-coded in manufacturing, so it can be difficult or impossible to swiftly rearrange them in the event of a cyber-incident to maintain continuity. The whole supply chain can weaken without the right measures in place.”
Roman Krepki Senior Manager, Forvis Mazars, Germany
When one link fails, the entire chain can collapse. Additionally, many recent breaches have originated through suppliers, logistics partners or software vendors; as a result, downtime can disrupt the supply chain, while cyberattacks can mobilise throughout digital chains as well.
Whilst manufacturing may not always consider itself a data-rich sector, there is value for bad actors to extract. The concern is not about intellectual property theft of specific products – after all, most products can be reverse-engineered. Instead, the real value lies in production know-how: the knowledge of how to manufacture at scale efficiently. This information about how to organise the plant, workers, conveyors and production processes resides on IT systems and represents a significant competitive advantage worth protecting.
Despite manufacturers increasingly embracing digital transformation – and moving away from the isolated, disconnected legacy model – cyber security is not always one of the top drivers for these transformation initiatives. For many manufacturers, but not all, when digital transformation receives investment and focus, cyber security is often left behind or addressed after as a secondary concern.
This dynamic is clearly visible in the attitude towards emerging technologies. In the EU, there is greater reliance on programmed logic and hard rules-based automation, with AI used primarily for business functions, partly due to regulatory constraints hanging over innovation measures. Globally, AI is making its way nearer to or even onto the production line, with 80% of executives saying they have restructured their teams in the last two years to support AI.
This rush toward emerging technologies risks manufacturers skipping crucial security steps. The savviest organisations prioritise resilience over having the latest technology just for the sake of having it, but the fundamental challenge remains; security infrastructure is not exciting, even when organisations know it is necessary.
 |
“The challenge for manufacturers is to embrace digital transformation, which increases their threat surface, without creating undue risk. Digitisation must be balanced with cyber protections, not just for compliance’s sake but for business continuity’s sake.” -Bryan Wright, Partner, Forvis Mazars US
|
Compounding these issues is a significant cyber and IT skills shortage within manufacturing. Many organisations do not understand how to implement or conceptualise security policies and they are unwilling or unable to pay market salaries for specialists. This expertise gap leaves manufacturers vulnerable even when they recognise the need for better security.
For manufacturers in 2026, the path forward requires treating cyber security as a critical business continuity issue. This means investing in security infrastructure, bridging the IT-OT divide and building resilience across supply chains.
Organisations already embracing technology and connectivity, or who plan to do so in 2026 and beyond, must build resilience into systems. The sector is an attractive target for cyber criminals and as their attacks become more sophisticated and targeted, cyber defences must evolve accordingly.
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.
