Cybersecurity Best Practices for Smart Factories

By: Glenn Sweeney
September 3, 2025

Let's be honest — if you're running a manufacturing operation today, you're probably thinking about smart factory technologies. Who wouldn't want increased productivity, better quality control, and streamlined operations? But here's the reality check: while you're connecting more devices and systems to boost efficiency, you're also painting a bigger target on your back for cybercriminals.

In this blog, I’ll explore the scope of the problem and also how you can take advantage of cloud solutions without opening yourself up to attack. 

Manufacturing Cybersecurity Statistics

The manufacturing industry has a low tolerance for downtime and has had to make tough choices with its budget. Unfortunately, cybercriminals know this, which is one reason manufacturing makes such a tempting target for them.

Here are a few troubling recent stats: 

When every connected device in your smart factory is a potential gateway for cybercriminals, and cybersecurity protections are notoriously lax, the only surprise for me is that these numbers aren’t worse. 

But to be fair, there are a few structural issues at organizations that sideline cybersecurity concerns.

The IT-OT Disconnect That Sidelines Cybersecurity in the Manufacturing Industry

One of the biggest problems we see is the disconnect between IT and OT teams. Often, investment decisions for operational technology happen on the factory floor with minimal input from corporate IT and security departments. This creates a patchwork of different technologies with varying security capabilities that somehow need to work together on your existing network infrastructure.

This misalignment isn't just a communication problem — it's a security vulnerability. When IT and OT aren't synchronized on cybersecurity strategies, you end up with hidden blind spots that attackers can exploit.

The False Confidence Problem

Despite those stats and the ongoing headlines about cybersecurity disasters around the world, cyber risk owners within the manufacturing industry are still displaying overconfidence, with 76% believing they are cyber-resilient. The result? Manufacturers lag behind in providing sufficient cybersecurity awareness training to their employees, and only 23% of employees report incidents to IT.

After having in-depth conversations with a lot of our manufacturing clients over the past five years, it’s clear how we got here. But I do have some good news. It’s also clear what to do about it.

Proper Cybersecurity for Industrial Control Systems and Smart Factory Solutions

Here's your roadmap for building cyber resilience in your smart factory:

Get Your Governance Right

Establish formal cybersecurity governance that brings together your IT, OT, and business leaders. Make sure cybersecurity considerations are built into every technology investment decision from day one.

You don’t have to reinvent the wheel for this! National cybersecurity organizations provide recommended cybersecurity controls, which are broken down by organization size and type, so it’s much easier to see what your organization should be doing. 

Pro tip: Cybersecurity and best practices are constantly evolving. What was considered sufficient protection back in 2019 isn’t enough today.

Prioritize Based on Risk

Most organizations don’t have unlimited time and resources. Fortunately, not all vulnerabilities are created equal. Focus your resources on the highest-risk areas first — typically your most critical production systems and any points where IT and OT networks intersect.

Control Access and Encrypt Everything

Implement strict access controls with multifactor authentication and encrypt data both in transit and at rest. Stay away from shared accounts, because actions taken through them cannot be traced back to an individual. Use digital signatures and cryptographic hash algorithms to authenticate users and verify data integrity, so that only authorized personnel can access critical systems.

Train Your People

Your employees can be your strongest defense or your weakest link. Regular cybersecurity training helps everyone recognize threats and respond appropriately. Make sure this training covers both traditional IT security and the unique aspects of OT security.

Plan for the Worst

Hope for the best, but plan for the worst. Have an incident response plan that covers both IT and OT systems. Test it regularly and make sure everyone knows their role when an attack happens.

Stay Compliant

Keep up with evolving regulations and industry-specific requirements such as IEC 62443, NIST SP 800-82, or ISO 27001. Compliance isn't just about avoiding fines — it's about using proven security frameworks to prevent potentially disastrous attacks.

Don’t Neglect Physical Security Risks

In smart factories, where digital and physical systems are deeply interconnected, a breach of physical security can quickly escalate into a cyber incident. Consider implementing video surveillance systems, visitor logs, badge access controls, security guards, and barcode readers for any outgoing media or systems.

Get a Second Opinion

It’s difficult for most organizations to maintain fully staffed IT teams, let alone world-class cybersecurity experts. If you don’t have a chief information security officer (CISO) or a fractional CISO, you can work with a cybersecurity provider to assess your organization for any security vulnerabilities within your system and report their findings to your executive leadership team. 

Pro tip: If you don’t have an accurate inventory of all the tools your employees are using, your cybersecurity assessment can also give you a handle on that.

What Marco’s Cybersecurity Assessments Are Designed To Do

Some IT providers will offer a simple online scan that spits out a lot of data, but not a lot of actionable insights. If your IT team and your executive leadership don’t speak the same language or see eye to eye, that’s not very helpful! 

Our assessments are comprehensive. If anything, that’s an understatement. We look into your tools, but also how they’re configured and how they’re being used. We frequently find lax security settings that make it far too easy for a hacker (or a disgruntled employee) to do a lot of damage in a very short amount of time. When we’re done, we present an executive summary to your leadership and IT team, along with our recommendations for the next five years, prioritized according to risk. 

Besides identifying security vulnerabilities before a hacker can, our goals are to get IT, OT, and the C-suite on the same page, looking at the same data, and speaking the same language. Click the link below to read more about how we approach these assessments and why. 

Learn More About Cybersecurity Assessments Check It Out
