Why the Manufacturing Sector Faces Heightened Cyber Security Risks

The digital transformation of the UK manufacturing sector presents tremendous opportunities for innovation, efficiency, and growth. However, this increasing digitalisation also exposes manufacturers to unprecedented cyber security risks. Recent studies and government reports reveal that UK manufacturing businesses are experiencing an alarming rise in cyber-attacks, with many finding themselves ill-equipped to defend against these sophisticated threats. This blog explores why the UK manufacturing sector has become a prime target for cyber criminals and what can be done to enhance protection against these growing cyber threats.

The Growing Cyber Threat Landscape for UK Manufacturers

The manufacturing industry in the UK is experiencing an unprecedented surge in cyber-attacks. According to recent research conducted by IDS-INDATA, supply chain attacks against UK manufacturers increased by a dramatic 50%, making them the fastest-growing cyber menace to the manufacturing sector. In 2023, these threats impacted 20% of manufacturing businesses and are projected to rise to 30% in 2024. This alarming trend highlights how cyber criminals are increasingly targeting the interconnected nature of manufacturing supply chains.

Ransomware attacks have also seen a significant 23.5% increase, affecting 34% of manufacturing businesses in 2023 and expected to rise to 42% in 2024. The manufacturing industry represented 20% of all cyber extortion attacks in 2023, marking a 42% increase compared to 2022, and significantly more than the second-most targeted industry. These statistics demonstrate that manufacturing has become one of the most attractive sectors for cyber criminals seeking financial gain.

A broader survey by Make UK found that almost half of Britain’s manufacturers have been victims of cyber-crime over the last 12 months, with over a quarter reporting financial losses because of these attacks. The severity of the situation becomes even more apparent when considering that 56% of manufacturing companies in the United Kingdom could not defend themselves from cyber-attacks as of September 2022. This vulnerability places the sector at a distinct disadvantage against sophisticated cyber threats.

Why Manufacturers Are Particularly Vulnerable

The manufacturing sector’s heightened vulnerability to cyber-attacks stems from several factors unique to the industry. First and foremost, the sector’s rapid adoption of digital technologies as part of Industry 4.0 initiatives has created new entry points for cyber criminals. As manufacturers embrace smart technologies, data analytics, and AI-driven automation, they inadvertently expand their attack surface, creating more opportunities for cyber breaches.

Industrial control systems (ICS) represent a particularly vulnerable area for manufacturers. These systems, which control and monitor industrial processes, can be targeted by cybercriminals to disrupt production or cause physical damage to equipment and machinery. Unlike purely digital assets, attacks on industrial control systems can have physical consequences that extend beyond data loss, potentially endangering workers or causing catastrophic damage to production facilities.

Another critical vulnerability lies in the interconnected nature of manufacturing supply chains. Cyber criminals often target the manufacturing industry’s supply chain to gain access to systems and data, either by compromising suppliers’ systems or by intercepting communications. This lateral movement through the supply chain allows attackers to bypass the security measures of larger, more secure manufacturers by exploiting the weaker security postures of smaller suppliers.

Legacy system vulnerabilities represent yet another significant challenge. Many manufacturing systems rely on outdated hardware and software that may not receive regular security updates. According to the National Cyber Security Centre (NCSC), these legacy systems, when connected to modern networks, create dangerous security gaps that can be easily exploited. The convergence of operational technology (OT) and information technology (IT) networks, while beneficial for efficiency, creates additional security challenges as traditionally isolated industrial systems become exposed to internet-based threats.

The Multifaceted Impact of Cyber Attacks on Manufacturing Operations

The consequences of cyber-attacks on manufacturers extend far beyond immediate financial losses. Production stoppages represent the most common result of cyber-attacks, affecting 65% of manufacturers who experienced a breach. In an industry where production efficiency and just-in-time manufacturing are paramount, even brief interruptions can lead to significant financial losses and difficulties meeting customer demands.

Reputational damage ranks as the second most significant impact, affecting 43% of breached manufacturers. In an increasingly competitive global marketplace, a damaged reputation can have long-lasting effects on customer relationships and market position. Companies further revealed that new customers now want reassurance on details of the cyber security measures in place before signing contracts, indicating that poor cyber security can become a barrier to business growth.

The financial impact of cyber-attacks on manufacturers can be substantial. While the UK Government estimates that the most disruptive breach for each business resulted in an average loss of around £1,100, for medium and large businesses, this figure rises to approximately £4,960. More alarmingly, research by Make UK found that 25% of manufacturers who suffered cyber-attacks reported losses ranging from £50,000 to £250,000. In extreme cases, such as the cyber-attack on Morgan Advanced Materials, the cost can reach up to £12 million.

Intellectual property (IP) theft represents another significant concern for manufacturers. With the UK manufacturing sector creating substantial amounts of valuable IP, from designs and patents to trade secrets, cyber criminals targeting this information can cause devastating long-term damage to a company’s competitive advantage. The economic cost of IP theft from UK businesses is estimated at £9.2 billion per annum, with manufacturing being particularly vulnerable due to its creation of significant quantities of IP that may be relatively easy to exploit.

The Preparedness Gap Among UK Manufacturers

Perhaps most concerning is the significant gap between the recognition of cyber threats and actual preparedness among UK manufacturers. While nearly 95% of manufacturers acknowledge that cyber security measures are necessary for their company, 54% have taken no further cyber security action despite adopting new production-boosting technologies. This inaction creates a dangerous security gap that leaves many manufacturers exposed to increasingly sophisticated cyber-attacks.

This reluctance to invest in cyber security stems from several factors. The cost of the initial outlay on cyber security remains the main barrier for business, along with the cost of maintaining systems. For small and medium-sized enterprises (SMEs) with limited resources, these financial constraints can be particularly challenging to overcome.

Another concerning trend is that a third of manufacturers have decided against implementing smart technologies for fear of cyber-crime—a decision that could ultimately stunt their productivity and growth. This defensive approach represents a significant opportunity cost, as manufacturers forego the benefits of digital transformation due to cyber security concerns rather than addressing those concerns directly.

The result is a sector with significant vulnerability. According to Statista, as of September 2022, around 56% of the manufacturing companies in the United Kingdom could not defend themselves from cyber-attacks. This statistic represents a troubling reality that over half of UK manufacturers remain ill-equipped to face the growing cyber threat landscape.

Building Cyber Resilience in the Manufacturing Sector

To address these challenges, UK manufacturers need to adopt a comprehensive approach to cyber security that balances the benefits of digitalisation with appropriate risk management. A critical first step is identifying which systems and parts of those systems to assess, along with the points at which they can be accessed, effectively mapping the ‘attack surface’. This approach allows manufacturers to prioritise their security investments based on risk.

Employee awareness and training represent another essential component of cyber security. As many threat events originate accidentally from within the company, ensuring all employees understand policies, responsibilities, and common threats like malware or phishing is crucial. Without company-wide awareness, even the best-protected systems remain vulnerable to human error.

For small and medium-sized manufacturers with limited resources, the Cyber Resilience Centre offers a range of affordable services and guidance. Similarly, the High Value Manufacturing Catapult has produced a Cyber Security Risk Assessment for Advanced Manufacturing, a practical guide for manufacturers looking for advice on analysing and mitigating their risk.

Implementing a response and recovery plan is equally important. As manufacturing processes and systems become more complex and connected, constant monitoring of vulnerabilities becomes imperative. Every company should have a plan that reduces downtime, prevents loss, and enables fast investigation of incidents.

Conclusion

UK manufacturing faces an unprecedented level of cyber threat, with statistics clearly showing the sector is disproportionately targeted compared to other industries. The combination of valuable intellectual property, increasingly connected systems, supply chain vulnerabilities, and legacy technology creates a perfect storm of cyber risk for manufacturers.

The financial, operational, and reputational consequences of cyber-attacks on manufacturers underscore the urgent need for improved cyber security measures across the sector. While the challenges are significant, they are not insurmountable. Through a combination of risk assessment, employee training, technological solutions, and incident response planning, manufacturers can enhance their cyber resilience without sacrificing the benefits of digital transformation.

As manufacturing becomes more digital, the question is not whether to address cyber security concerns, but how to do so effectively while continuing to innovate and grow. Those manufacturers who succeed in balancing these priorities will not only protect themselves from potentially devastating cyber-attacks but will also gain a competitive advantage in an increasingly security-conscious marketplace.

If you would like to discuss any of the topics covered in the above article please get in touch with our experienced team – info@somniacsecurity.com

Sources: