Blog December 1, 2025

Securing the Smart Factory

Andrew Winters, EVP of MDR

In the manufacturing industry, IT and OT systems are converging, automation is accelerating and supply chains are more interconnected than ever before. While these changes are about progress, they also introduce new risk. A single compromise now has the potential to completely halt production and ripple across global logistics.

Earlier this year, Jaguar Land Rover experienced this firsthand. A cyber incident forced the suspension of operations across multiple plants, disrupting thousands of suppliers and costing the UK economy an estimated £1.9 billion.

Identity as the new perimeter

Obrela’s latest Digital Universe Report highlights that 29% of manufacturing-related incidents in the first half of 2025 stemmed from suspicious internal activity. Insider misuse and adversaries using stolen credentials to move laterally are now among the most damaging threats.

In OT environments, legacy systems and safety constraints often limit patching and monitoring, which means compromised identities can inflict more damage than external exploits. As a result, identity has become the true perimeter, and protecting it is critical.

Tailored attacks on manufacturing

The report also reveals that 24% of incidents were specifically targeted at manufacturing processes. These attacks focus on control systems, industrial configurations and automated workflows, and are carefully designed to remain undetected while causing maximum disruption.

Malware remains a major issue, accounting for 17% of incidents, but it is evolving. Remote-access tools, credential stealers and fileless techniques are increasingly used for persistence and espionage, not just extortion.

Advanced threat actors

Groups such as Lazarus, APT33, and UNC3944 are actively targeting the manufacturing sector. Their operations blend geopolitical and financial motives, exploiting smart production environments, legacy ICS components and global supply chains. An attack on one supplier can quickly cascade into systemic disruption.

Many vulnerabilities are not flaws in technology; they are actually a result of progress. Factories that once relied on isolated, proprietary machinery are now highly connected ecosystems, exchanging real-time data with ERP systems, logistics platforms, and suppliers.

Each new connection may boost efficiency, but it also expands the attack surface. Traditional perimeter defences cannot protect this evolving network of devices, sensors, and human operators.

Cybersecurity as operational resilience

A single malware intrusion can halt an assembly line, so cybersecurity must evolve from a compliance checkbox into an essential safeguard of operational resilience. Obrela data shows that its advanced MDR services, powered by human intelligence, deliver detection and response times that are measured in minutes.

The rise in credential misuse, whether through error, coercion, or compromise, needs a cultural shift, one where cybersecurity is embedded at every layer of operational governance.

Cybersecurity controls should be treated as production safeguards that are every bit as critical as physical safety protocols. The most resilient organisations will embrace attack visibility as a core competency. Spotting anomalies, such as a misconfigured PLC or a subtle process deviation, can avert a crisis.

Today’s adversaries are attacking not only for ransom but also for influence. They infiltrate silently and wait. Manufacturing leaders must recognise that you cannot defend what you cannot see, and you cannot recover from what you do not understand.

You can access MDR for OT to learn more about how Obrela can help you address the challenges in the manufacturing domain.