A new analysis of the cyber threat landscape in the manufacturing industry by IDS-INDATA reveals a staggering 50% increase in supply chain attacks, making them the fastest-growing cyber threat to the industry.
The analysis also highlights alarming rises in ransomware (23.5%), malware (11.1%), and social engineering (8.6%) attacks, underscoring the vulnerabilities in ageing OT-IT networks.
| Manufacturing Threat Type | 2023 (% of manufacturing businesses affected) | 2024 (% of manufacturing businesses affected) | Change (%) |
| --- | --- | --- | --- |
| Spear Phishing | 84 | 88 | 4.8 |
| Ransomware | 34 | 42 | 23.5 |
| Malware | 45 | 50 | 11.1 |
| Social Engineering | 35 | 38 | 8.6 |
| Supply Chain Attacks | 20 | 30 | 50 |
As manufacturers increasingly rely on OT systems integrated with IT networks, unmanaged or legacy systems serve as weak links, creating entry points for sophisticated, AI-driven cyberattacks. Hackers are exploiting these gaps in security with alarming speed, leveraging AI to automate and adapt their tactics.
This surge in AI-enhanced malware, deepfake social engineering, and ransomware underscores the urgency of modernising these vulnerable systems.
Key findings
1. Supply Chain Attacks (50.0% Increase):
The significant increase in attacks of this type highlights the trend of targeting third-party vendors and suppliers to infiltrate manufacturing systems. In 2023, these threats affected 20% of manufacturing businesses, rising to 30% this year.
The interconnected nature of supply chains creates cascading vulnerabilities, making manufacturers susceptible to devastating disruptions. AI-driven tools are now enabling cybercriminals to automate the identification of weak points, accelerating the scale of these attacks.
2. Ransomware (23.5% Increase):
Ransomware attacks are becoming more sophisticated, with cybercriminals utilising AI to create malware that can adapt in real time to avoid detection. According to the analysis by IDS-INDATA, ransomware threats impacted 34% of businesses in 2023, rising to 42% this year.
Older OT systems, often running on outdated software, are prime targets for these attacks. As a result, manufacturers face increased downtime, financial losses, and the risk of permanent damage to critical infrastructure.
3. Malware (11.1% Increase):
AI-powered malware is more sophisticated than ever, as proven by its impact on half of manufacturing businesses this year. These attacks can learn from network environments and adapt to exploit vulnerabilities within OT-IT networks, stealing sensitive data, disrupting productivity, and compromising system integrity.
4. Social Engineering (8.6% Increase):
Social engineering tactics, including phishing and impersonation, affected over a third of businesses in 2024 (38%). AI-driven deepfakes and automated scams have made these tactics increasingly effective.
Cybercriminals can create highly personalised attacks that exploit human error, one of the weakest links in manufacturing cybersecurity. This highlights the importance of ongoing training and awareness for manufacturers.
5. Spear Phishing (4.8% Increase):
AI has enhanced spear-phishing campaigns, enabling cybercriminals to customise emails for individuals using personal information obtained from public sources. The 4.8% increase in targeted phishing incidents highlights the ongoing prevalence of these campaigns against the manufacturing sector. Spear phishing remains the primary threat, affecting 88% of businesses.
This trend likely stems from manufacturers’ reliance on email communication for operational logistics and coordination.
Proactive cyber defence
“The findings show an opportunity for manufacturers,” said Ryan Cooke, Chief Information Security Officer at IDS-INDATA. “Older systems that run on outdated software are increasingly vulnerable to attacks, whilst the lack of proper network segmentation dramatically increases the impact of malware and lateral movement.
“Addressing these risks can help the industry overcome today’s sophisticated, AI-enhanced cyber threats, which is especially critical given the interconnected nature of supply chains.”
“We advocate for regular system checks to stay ahead of evolving threats,” Cooke continued. “IDS-INDATA’s testing and risk management services are designed to assess vulnerabilities in OT-IT networks and fortify defences against the growing tide of cyber threats, from ransomware to AI-powered malware.”
Long-term resilience
Manufacturers must also focus on resilience planning to ensure long-term cybersecurity. IDS-INDATA excels at developing short-term and long-term strategies, which include secure configurations, timely patching, and adherence to best practices in cybersecurity. These strategies ensure that manufacturers are prepared to recover from current threats and ready for future challenges.
“Effective resilience planning is essential in today’s cybersecurity landscape,” says Cooke. “By ensuring that OT-IT systems are securely designed, regularly patched, and aligned with best practices, manufacturers can create a strong defence against even the most sophisticated threats.”
Manufacturers are urged to take immediate steps to:
- Assess and update legacy systems to minimise vulnerabilities.
- Strengthen third-party risk management, especially for AI-enhanced cyber risks.
- Implement advanced threat detection and response strategies powered by AI.
- Regularly conduct cybersecurity training to recognise AI-driven phishing and social engineering tactics.
The cost of inaction is steep. With AI amplifying cyber threats, manufacturers must address vulnerabilities with the same level of sophistication to ensure resilience and security in the face of rapidly evolving threats.