Cyberattacks can lead to the loss of confidential data, disrupt critical operations, and severely damage the reputation of manufacturing companies — a sector that urgently needs to advance its digital transformation to reduce cyber vulnerabilities.
The manufacturing industry has undergone a profound transformation with the integration of new technologies. Automation, robotics, IoT, and data analytics have become essential components of modern production processes. Whether in automotive, electronics, food, fashion, or pharmaceuticals, manufacturers are embracing these innovations to boost efficiency, lower costs, and enhance product quality.
However, the momentum of the Fourth Industrial Revolution and the rapid pace of digital transformation have exposed an unexpected weakness: many companies have become prime targets for cyberattacks. According to IBM’s “X-Force Threat Intelligence Index”, the manufacturing sector has ranked as the most attacked industry for the third year in a row. Cybersecurity has therefore become an urgent priority, impacting not just IT departments, but the entire organizational structure.
Hacked Vehicles, Pharmaceutical Cyberespionage, and Leaked Patient Data
This growing urgency is particularly evident in industries like automotive manufacturing, which is itself undergoing a deep technological transformation towards electrification and sustainable mobility solutions. A recent report by Upstream Security revealed a 60% increase in cyber vulnerability incidents between 2023 and 2024.
This data highlights incidents such as a ransomware attack in which hackers, through connected vehicle assistance apps, were able to remotely unlock car doors, access charging infrastructure, and alter ownership records within seconds. The impact was severe: over $1 billion in economic damages and a $25 million ransom demand.
Similarly, in the pharmaceutical sector, the COVID-19 pandemic triggered a sharp rise in cyberespionage activities. These attacks targeted not only pharmaceutical companies but also laboratories, R&D centers, and universities.
By 2024, breaches involving clinical patient data in the United States continued to rise, fueled by the growing digitization of medical records, vulnerabilities during identity verification processes, and risks embedded in the supply chain. The financial impact: estimated losses amounting to as much as 24% of annual profits.
More Vulnerable Food Supply Chains
Digital transformation has revolutionized supply chains, bringing greater integration, enhanced traceability, streamlined workflows, cost reductions, and improved transparency. However, this progress has also made supply chains increasingly vulnerable to sophisticated cyber threats.
According to a survey by Crowdstrike, 84% of companies believe that an attack on their supply chain is not only possible, but imminent. In sectors like the food industry—where around 50% of manufacturing processes now depend on software—ransomware attacks have become a lucrative business model for cybercriminals.
Notable incidents, such as the cyberattack on several agricultural cooperatives in the United States in 2022, have exposed the sector’s fragility, causing severe disruptions in food production and underlining the strategic importance of securing supply chains.
Cybercrime and Nation-States
As global conflicts and geopolitical tensions escalate, nation-state-backed actors are increasingly behind destructive cyberattacks, a trend highlighted in Microsoft’s “2024 Digital Defense Report”.
There is no shortage of examples: North Korea has been linked to cryptocurrency attacks, while Russian cyber operations have targeted critical infrastructure in Ukraine. In the United States, authorities have raised alarms over Chinese state actors embedding themselves in critical sectors such as communications, energy, transportation, and water supply, positioning themselves for potential disruptive attacks in the event of a military escalation.
Industrial espionage conducted via cyber means enables covert access to sensitive intellectual property, advanced technologies, and trade secrets—accelerating domestic innovation while undermining international competitors.
By exploiting these vulnerabilities, states can gain geopolitical leverage without resorting to open military conflict. Such cyber strategies function as asymmetric warfare, destabilizing or pressuring adversaries while maintaining plausible deniability on the global stage.
Industrial Operations, Target of Cyberattacks
The expansion of the Industrial Internet of Things (IIoT) has increasingly blurred the lines between operational technology (OT) and information technology (IT), exposing industrial systems to a higher risk of cyberattacks.
According to Waterfall Security Solutions’ “2024 Threat Report”, cyber incidents with physical impacts on the operational systems of manufacturing companies rose notably in 2023, with 68 recorded attacks affecting over 500 sites worldwide. Half of the targeted companies were in key sectors such as electronics, automotive, shipbuilding, cosmetics, and steel production—highlighting how industrial environments have become prime targets for cybercriminals seeking to disrupt essential production processes.
The Role of Cybersecurity Regulations
Institutional involvement is crucial in strengthening cybersecurity. In the European Union, the NIS2 Directive has been introduced to achieve a unified, high level of cybersecurity and ensure the continuity of essential services across 18 critical sectors.
The directive requires each Member State to adopt a national cybersecurity strategy, with policies covering supply chain security, vulnerability management, and public education and awareness.
Now in the process of being transposed into national laws, NIS2 also mandates the creation of a network of Computer Security Incident Response Teams (CSIRTs), tasked with exchanging information about cyber threats and coordinating responses to incidents.
Furthermore, alongside directives like NIS2 and the also European CER, which focuses on the resilience of critical entities and infrastructures, manufacturers worldwide are facing an expanded regulatory landscape. These frameworks require companies to implement measures that protect customer data, financial records, and other sensitive information.
Depending on the industry, there may also be specific cybersecurity standards and obligations, as seen in sectors such as aerospace and defense.
Zero Trust and Information Security
In the United States, the National Institute of Standards and Technology (NIST) has developed a Cybersecurity Framework to guide organizations in managing and mitigating cyber risks, providing widely accepted best practices. Similarly, the International Organization for Standardization (ISO) offers the ISO 27001 certification, recognized globally as a benchmark for information security management systems.
In addition to adhering to these regulations, companies must design and implement robust security strategies to close potential gaps and counter risks effectively. One essential approach is adopting Zero Trust protocols, which require strict verification of every access request. Meanwhile, threat intelligence tools can help assess and preempt attacks on critical infrastructure.
Finally, the human element remains indispensable in cybersecurity. While technology provides the tools, interpreting data, making informed decisions, and executing response plans depend on skilled professionals. To enhance their teams’ readiness and effectiveness, organizations must foster a culture of cybersecurity and invest in continuous training for all employees.
