“Act before, not after” – Most manufacturers one cyberattack away from a crisis

Manufacturing was the most targeted industry by cybercriminals in 2025, for the sixth consecutive year. Yet only one in seven businesses assesses cyber risk in their supply chain – and attackers know it.

Cybersecurity now threatens the day-to-day operations, reputation, and survival of manufacturing businesses across the UK. That’s the assessment from the UK’s National Cyber Security Centre (NCSC), reinforced by a pattern of incidents that should concern every management team.

“With a 50% rise in highly significant attacks on last year, our collective exposure to serious impact is growing at an alarming pace. The best way to defend against these attacks is for organisations to make themselves as hard a target as possible. That demands urgency from every business leader. Hesitation is a vulnerability, and the future of their business depends on the action they take today,” says Dr Richard Horne, Chief Executive of the NCSC.

The most immediate danger facing manufacturers is ransomware, which exploits something every manufacturer understands: the cost of downtime. Attackers find a vulnerability in your IT network, encrypt your data and wait. Every hour your production is offline, the pressure to pay grows. That pressure is deliberate and effective, and one of the main reasons victims feel they have no choice but to pay up – typically in cryptocurrency as it's significantly harder to trace.

In the past 12 months, victims have included major organisations such as M&S, Co-Op, Jaguar Land Rover and large healthcare organisations. Attackers don’t care who you are or what sector you serve. They target whoever is vulnerable, whoever can’t afford downtime and whoever holds data worth ransoming. Manufacturers tick all three boxes.

At Made in Group’s latest Industry Meet-Up, a Cyber Protect Officer from West Yorkshire Police set out what manufacturers can do to get ahead of the threat.

Three reasons manufacturers still aren’t acting

The NCSC has identified a consistent pattern behind why businesses remain underprepared, and it has nothing to do with technical complexity.

The first is optimism bias – the belief that “we are unlikely to be targeted.”

The second is competing priorities – cybersecurity is recognised but rarely treated as urgent, so it gets pushed behind day-to-day pressures like production targets, orders and deadlines.

The third is the most widespread – cybersecurity is still treated as an IT issue rather than a business risk. It isn’t. Cyber risk belongs alongside fire, health & safety and financial risk. The businesses that understand that are the ones building genuine resilience. The ones that don’t are waiting for a crisis to make the argument for them.

“Small businesses often tell us that cybersecurity feels too technical, too expensive or too time-consuming. Yet, the cost of not acting is far higher,” the Officer warned.

The shift every manufacturer needs to make

The scale of the threat has forced a shift in the NCSC’s message. Prevention still matters, but recovery is now equally important. Waiting to be attacked and then responding is no longer a viable strategy – by the time you respond, the disruption and the cost are already compounding.

That shift in thinking has a specific implication for manufacturing businesses: your supply chain is as much a vulnerability as your own systems. Only 14% of businesses assess cyber risk across their supply chain. Attackers know this. A compromised supplier is a back door into your operation, and most manufacturers have left it unlocked.

At the same time, threat actors are evolving. AI is increasingly being used for more targeted, more frequent and harder-to-detect cyberattacks.

5 actions to improve your cybersecurity

The good news is that the required actions are straightforward and within reach for most manufacturers. They do not require specialist technical knowledge or significant capital investment. They require decision-making and follow-through.

  1. Own cyber risk at the leadership level – Cyber risk needs to sit on the board agenda alongside every other operational risk. Assign clear accountability, put governance processes in place and make sure senior leaders are actively involved, not just informed after an incident.
  2. Train your people – The majority of successful attacks begin with human error: a clicked link, a weak password, an unverified request. Regular, practical awareness training reduces that risk significantly.
  3. Secure and update your systems – Outdated, unpatched software is one of the most common entry points for attackers, and one of the most straightforward to address. Configure systems securely, disable features no longer used and keep everything up to date. The NCSC is also pushing passkeys as the new standard to replace passwords.
  4. Tighten access controls – Not every member of staff needs access to every system. Limit permissions to what each role genuinely requires, and enforce strong authentication across all systems. Reducing access is one of the most effective and underused controls available.
  5. Secure your own supply chain – Set clear cybersecurity expectations for suppliers. Understand where the shared vulnerabilities are and work with partners to address them. Your resilience is only as strong as the weakest point in your chain – and most of those weak points remain unassessed.

No longer a question of if, but when – and whether you can recover

The cyber threat to manufacturing is real, growing and not going away. The Officer concluded: “Those that act early, that build resilience, and treat cybersecurity as a core part of business risk are the ones that will survive disruption, protect their customers and maintain trust in their brand.”

For more information on protecting your business, visit the West Yorkshire Police Cybercrime website.

Cyber Protect Officers operate regionally across the UK. To find your local officer, visit the National Cyber Security Centre (NCSC) website or ask your local police force.
