By Dominic Carroll, Director of Portfolio at e2e-assure
As the UK Manufacturing sector faces challenges posed by threat actors, the need to manage associated risks more effectively must be a priority. Our recent research reveals that 76% of Manufacturing employees have experienced cyber attacks at work—the second highest compared to other industries including Professional Services, Healthcare and Financial Services. Further to this, 82% of cyber risk owners report experiencing attacks, representing an increase from 78% the previous year.
This escalation isn’t coincidental. Manufacturing’s critical role in the economy, combined with its low tolerance for operational downtime, makes it a popular target for cyber criminals. When production lines halt and supply chains falter, organisations face immense pressure to restore operations quickly—even if it means paying ransoms or bypassing proper security protocols. Manufacturing is also embedded in other sectors, creating complex supply chains that allow cyber criminals’ actions to have far-reaching impact. A recent example of this was the CDK Global outage, whereby the automotive manufacturer was hit with a ransomware attack affecting thousands of U.S. auto dealerships.
The risk vs reward of AI adoption
Artificial intelligence presents endless opportunities and potential risks for cyber risk owners in Manufacturing. On one hand, AI-powered tools can improve workflows by handling admin processes and allowing security teams to dedicate more time to identifying and defending against inbound attacks.
However, when put in the wrong hands, AI is empowering cyber criminals with sophisticated new attack methods. Even when employees choose to use AI to enhance efficiencies, the use of unauthorised software is actually compounding the risks, not preventing them. The research reveals that Manufacturing’s regular use of AI should be a cause for concern. If we look at responses from employees about usage of generative AI, Manufacturing has the highest usage: 37% of employees use it every day or at least once a week.
Further to this, the vast majority (82%) of cyber risk owners report feeling either ‘very’ concerned or ‘somewhat’ concerned about AI (the joint highest alongside Professional Services), yet 80% are confident in the AI policies they have in place in their organisation. Cyber risk owners need to acknowledge the vital part employees play in an organisation’s security because, despite this confidence, over half (52%) of employees either say that their company has a policy but they’re not aware of what it is (33%) or believe that their company doesn’t have one (19%). This, coupled with the high AI usage, is concerning and could result in employees unintentionally putting organisational resilience at risk, with unauthorised technologies going unmonitored by security teams.
A lack of effective monitoring might explain the challenges providers are having in detecting and responding to threats within Manufacturing. It’s vital that cyber risk owners within Manufacturing get a grasp on internal risk, and with this gain a holistic picture of the company’s full technology stack. They can do this by prioritising visibility across both IT and operational technology environments to detect threats early.
The human factor: training as the first line of defence
While failures to IT systems and solutions often grab headlines, human error remains the primary gateway for cyber attacks. Social engineering tactics, phishing campaigns, and credential theft succeed because employees lack the knowledge and tools to recognise threats. This vulnerability is particularly acute in Manufacturing, where workers may have limited exposure to cyber security training compared to their counterparts in Professional Services, Healthcare and Financial Services.
While 76% of cyber risk owners say their workers are engaged in cyber security training, under half of employees agree, with only 36% claiming to be “very engaged” in training. With phishing being a key tactic for cyber attackers looking to infiltrate Manufacturing organisations, it’s essential that cyber risk owners in the sector have a complete view of internal vulnerabilities and educate employees on how to spot suspicious emails and common tactics, rather than discipline them when a breach does occur.
With the research finding a low proportion of cyber risk owners are offering training, despite a large number of employees witnessing breaches, it’s vital that training is implemented, and in a way that focuses on the personal actions people can take to protect a company’s cyber security. Effective security awareness training must go beyond annual compliance sessions to evolve with the threat landscape.
Building collective responsibility: a shared security culture
As Manufacturing organisations continue to remain a top target for cyber criminals, it’s vital that the sector turns its attention to building holistic resilience from the ground up, embedding the shared belief that it is everyone’s collective responsibility to mitigate cyber risks and understand the consequences of bad cyber hygiene.
Effective cyber security in Manufacturing requires a fundamental shift from viewing security as an IT department responsibility to embracing it as a shared organisational capability. This cultural transformation begins with leadership commitment and cascades through every level of the organisation.
Communication plays a crucial role in building security awareness. Technical security teams must translate complex threats into language that resonates with production managers, quality engineers, and frontline workers. Security metrics should align with operational objectives, demonstrating how cyber security investments protect productivity, quality, and customer relationships.
Employee training programmes must reflect this shared responsibility model. Rather than positioning security as a constraint on productivity, training should emphasise how good security practices enable reliable operations. Workers should understand not just what to do, but why security matters for their specific roles and the broader organisation.
The Manufacturing sector’s cyber security challenges are complex but not insurmountable. Success requires sustained commitment to building security capabilities that match the sophistication of contemporary threats. This means investing in technology, training, and organisational culture with equal vigour.
Organisations that embrace cyber security as a strategic capability will not only protect themselves from attacks but also gain competitive advantages through improved operational resilience and customer trust, not to mention reducing disruption, protecting supply chains and staying ahead of emerging threats.
