- Outdated manufacturing systems are an easy target for ransomware, crippling production lines. Securing legacy systems is critical to avoid costly business disruption and data breaches.
- Phishing is the main entry for attackers in manufacturing, leading to 87% of all incidents. Employee training is crucial to prevent these threats and protect critical systems.
- To combat ransomware and phishing, manufacturing must use multi-layered defenses. These include employee training, network segmentation, and strong authentication to build resilience.
As we see in the Trustwave SpiderLabs 2025 Manufacturing 2.0 Threat Report, the manufacturing sector is facing a rapidly increasing number of cyber threats with ransomware and phishing attacks being the attacker's primary weapon.
The focus on this sector has resulted in the cost of a data breach in manufacturing jumping nearly $1 million to $5.6 million in 2024 compared to the previous year. This means the manufacturing sector has the dubious honor of being well above the cross-industry average of $4.8 million.
The unfortunate news is that despite the rising and costly threat level, many companies in this sector remain unprepared to defend themselves.
One of the primary reasons for the increased risk is the industry’s reliance on aging and often outdated infrastructure. Many manufacturers continue to operate on legacy systems that cannot withstand modern cyberattacks yet still manage critical operations to this day.
The situation is made worse as stolen credentials for manufacturing systems are increasingly sold on the dark web, allowing cybercriminals to infiltrate enterprise resource planning (ERP) and operational technology (OT) networks, which can bring entire production lines to a halt and cause widespread supply chain disruptions.
The Danger of Unmanaged OT Devices and Legacy Systems
Manufacturers today face a growing security gap in their OT environments, driven largely by the sheer volume of unmanaged devices on the factory floor.
Trustwave's research found that 73% of OT assets in manufacturing facilities operate without fundamental security controls like software updates, authentication requirements, or network segmentation.
These devices, often essential to daily production, are frequently connected to broader networks but lack the visibility and oversight needed to detect or respond to threats. This blind spot gives attackers a clear advantage, providing multiple pathways into critical systems.
Unlike IT assets, which users can patch or update relatively easily, OT systems often remain unchanged for years — sometimes decades — because any disruption risks halting production.
However, this long-standing operational mindset may increase the risk of ransomware or other cyberattacks if vulnerabilities in old devices aren’t managed and resolved.
Ransomware's Chokehold on U.S. Manufacturers
Trustwave SpiderLabs' research found that 54% of ransomware attacks on the sector worldwide now target U.S. manufacturers, with machinery manufacturers hit the hardest, accounting for 14% of incidents. Cybercriminals know that manufacturing businesses cannot afford prolonged downtime, making them more likely to pay ransoms to restore operations quickly and essentially giving quick wins to criminals.
To protect the industry from ransomware, it’s important to have multiple layers of defense and be ready to respond quickly.
Manufacturers should consider 24/7 monitoring and response services, like Managed Detection and Response (MDR), to spot and stop threats before they become serious. Separating your OT systems from your regular IT networks helps limit the damage if an attack happens.
Regularly backing up important systems and data offline also ensures you can recover quickly, without needing to pay a ransom. Of course, keeping systems up to date — including both older and newer technology — can help close the security gaps that ransomware attacks often target.
Building a Cyber-Resilient Manufacturing Operation
Phishing remains the most common entry point for attackers, accounting for 87% of cyber incidents in manufacturing. A single click of a malicious link from a phishing email can potentially open the gateway for a hacker to steal login credentials or gain access to critical systems.
The path to cyber resilience in manufacturing starts with a shift in mindset—from treating cybersecurity as an afterthought to making it an integral part of operational strategy.
Employee training is the first line of defense: manufacturers should implement regular, role-specific security awareness programs such as Trustwave’s Managed Phishing for Microsoft to help staff recognize phishing attempts, social engineering tactics, and unusual system behavior. Layering this with multifactor authentication (MFA) and secure email gateways can block many phishing attempts before they ever reach the inbox.
Additionally, manufacturers should collaborate with threat researchers to provide tailored threat intelligence and context around the nuances of OT security to ensure defenses evolve alongside cybercriminal tactics.
Cybersecurity as a Competitive Advantage
Cybersecurity is a critical differentiator for any organization today. Customers, partners, and investors increasingly expect robust security measures to protect shared data and maintain supply chain integrity.
Organizations that take a proactive approach to cybersecurity are better positioned to win contracts, attract investment, and build trusted, long-term relationships. Beyond reputation, there are real financial incentives as well — manufacturers with strong security practices can reduce downtime from cyber incidents and lower operational costs.
Conversely, manufacturers that rely on outdated security practices remain prime targets for cybercriminals, facing breaches and disruptions that often far exceed the cost of modern security investments. For the manufacturers of today and tomorrow, cybersecurity is a business imperative and a vital component of maintaining competitive advantage in a security-conscious market.
A version of this article originally appeared in Industry Today
Legacy Manufacturing Systems: A Hacker’s Playground - Industry Today - Leader in Manufacturing & Industry News
