Skip to main content
CybersecurityInfrastructure

UK Manufacturers Hit by Widespread Cyberattacks

UK Manufacturers Hit by Widespread Cyberattacks

What happens when the machines that make the nation’s goods go silent for want of a patch? That is no longer an abstract worry: ESET’s recent research suggests that nearly 80 percent of British manufacturers experienced a cyber incident in the past year, with “factory outages, lost revenue, and supply chain disruption” becoming routine, the cybersecurity firm reports.

The picture is stark. Where once cyber incidents might have been confined to stolen email or compromised laptops, attackers are increasingly reaching into operational technology (OT) — the controllers, sensors, and PLCs that keep assembly lines moving. When those systems stumble, the consequences are not just data lost but products not produced, orders missed, and subcontractors left waiting.

Manufacturing’s digital transformation — an industrial internet of things (IIoT) rollout, remote-monitoring systems, and tighter ties between information technology (IT) and OT — has delivered efficiency. It has also extended the attack surface. Legacy controllers designed to run for a decade without internet-facing defenses now sit next to newer software that expects continuous patching. Where security and safety practices have lagged, attackers find footholds.

How did we arrive here? The roots are both technical and economic. First, many industrial control systems were engineered for reliability, not resilience to hostile code. Second, the economic structure of the sector — dominated in many regions by small and medium-sized enterprises (SMEs) that supply larger manufacturers — means a single vulnerable subcontractor can expose an entire chain. Third, cybercriminal tactics have matured. Ransomware groups, extortion schemes, and nation-state actors have developed tools and playbooks tailored to disrupt operations rather than merely encrypt files.

The immediate effects reported by manufacturers are familiar: production halts, emergency manual processes, overtime costs to recover output, and sometimes contractual penalties for late delivery. But the broader ripple effects can be harder to quantify: lost customer trust, insurance premium hikes, diverted engineering resources, and strategic delays for product launches. In sectors such as automotive or pharmaceuticals, where just-in-time supply chains are the norm, a single disruption can cascade rapidly.

Technologists watching this trend emphasize an uncomfortable truth: standard IT defenses do not map neatly onto factory floors. Endpoint detection and response (EDR) tools, patch-management systems, and identity controls that serve well in office environments often struggle with real-time control systems that cannot tolerate downtime. OT networks require different segmentation models, deterministic failover strategies, and visibility tools designed to respect process timing and safety constraints.

For policymakers the dilemma is equally nuanced. On one hand, manufacturers are critical to national economic resilience and employment; on the other, forcing rapid compliance through regulation risks imposing costs that burden smaller firms. Governments have options between carrots and sticks: grant programs to subsidize security upgrades, clearer guidance from national cyber agencies, and incentives for information sharing between industry and government. The National Cyber Security Centre (NCSC) in the UK has long advised firms on basic cyber hygiene; the question now is how to scale those recommendations into actionable, fundable programs for factories.

From the defender’s perspective, several practical approaches are repeatedly recommended by experts and, implicitly, underscored by the ESET findings:

  • Network segmentation: Physically or logically separate OT from corporate IT to prevent lateral movement.
  • Asset inventory and visibility: Know what controllers, HMIs, and edge devices are on the network and what software versions they run.
  • Patching and configuration management tailored for OT: Schedule safe maintenance windows and use compensating controls where immediate patching is infeasible.
  • Backup and recovery planning: Ensure offline or immutable backups of critical configuration and programme data to speed recovery from ransomware.
  • Incident response and tabletop exercises: Practice responding to disruptions that include production and supply-chain consequences, not just IT systems.

But these recommendations meet real-world constraints. Many manufacturers operate legacy equipment for which vendor support has ended; replacing industrial controllers can take months or years. Smaller suppliers often lack dedicated cybersecurity staff. And economic incentives sometimes push leaders to prioritize uptime and production quotas over security upgrades until after a costly incident occurs.

Adversaries — both criminal gangs and sophisticated nation-state actors — understand these incentives. Ransomware-as-a-service operators know that industrial victims may pay quickly to restore production. State-aligned actors seeking to erode economic capacity can aim for strategic disruption with low attribution risk. The line between criminal and geopolitical motives can blur, especially when an attack on a supply chain produces both profit and political leverage.

Insurance markets complicate the calculus. Cyber insurance can help firms recover financially after an incident, but rising claims have led underwriters to require stronger security baselines and to increase premiums. That in turn pushes manufacturers to invest in prevention, but also favors those who can afford higher coverage. The result may be uneven resilience across the sector.

There are encouraging signs. Larger manufacturers have begun to invest heavily in OT security, hiring specialized teams and building incident response playbooks that include supply-chain contingencies. Industry consortia and standards bodies are producing guidance aimed at the unique interplay of IT and OT. Some governments are expanding grant programs and direct support for SMEs to improve baseline cyber hygiene. But the ESET finding — that cyber incidents are now routine rather than exceptional — should be a call to accelerate these efforts.

None of this offers a silver-bullet solution. Cybersecurity in manufacturing is a systems problem: it requires engineering discipline, investment, process redesign, and above all, a mindset that treats digital and physical availability as jointly critical. For the factory manager, that means balancing the immediate pressures of throughput with longer-term resilience. For policymakers, it means crafting targeted incentives and practical standards that can be implemented in a sector where downtime is expensive and complexity is endemic.

If nearly eight in ten manufacturers have faced an incident in a year, the question is not whether more attacks will come, but whether the sector will adapt quickly enough to make them survivable. Can supply chains be hardened in time to prevent the next stoppage from becoming a national scramble? Or will disrupted production become the new normal, with customers and economies paying the hidden price of a digital industrial age?

Source: https://go.theregister.com/feed/www.theregister.com/2026/04/01/uk_manufacturer_cyberattacks/