Industry

Manufacturing

Mitigate the risk of cyber threats to production systems, IOT infrastructure, intellectual property and supply chains.

Manufacturing Icon
manufacture-industry

Introduction

Today’s manufacturing sector is a far cry from its early incarnations during the Industrial Revolution. Now among the world’s ten largest manufacturing countries, the UK’s output reached £183 billion in 2022 and employs more than 2.5 million people. The sector includes a wide range of industries including: aerospace, automotive, chemicals, pharmaceuticals and consumer electronics.

Manufacturing Icon

Industry Overview

Advances in automation and connectivity are driving the next stage in the digitisation of manufacturing. Forward-looking manufacturers are turning to connected cloud applications and next-generation Industry 4.0 technologies for their factories, warehouses and back offices.

However, as manufacturers take advantage of the benefits brought about by technological innovation, the sector is seeing a significant uptick in cyber-related incidents. The control systems used to manage industrial operations are particularly susceptible. Ranging from programmable logic controllers and distributed control systems, to embedded systems and industrial IoT devices, these control systems make up the operational technologies (OT) that allow facilities to operate.

Risks associated with network safety are also expanding with the use and availability of hosted infrastructure, boosted by global utilisation and the availability of cloud administrations such as Amazon Web Services, to store sensitive and individual information. 

The net result is that all this technology investment is massively expanding a manufacturer’s threat surface, offering new entry points for cyber threats, and making them an attractive target for cybercriminals. It’s no wonder that cybersecurity in the manufacturing sector is expected to reach $29.85 billion in 2027.

The simple truth is that manufacturers must deploy robust cybersecurity measures and stay up-to-date with the latest threat intelligence to protect their critical infrastructure.

Market Trends & Statistics

According to the manufacturer’s organisation, Make UK, half of the UK’s manufacturers have been victims of a cyber breach in the last 12 months. In a report entitled “Cyber Resilience – The Last Line of Defence” Make UK found that 63% of companies that have been subjected to an attack, say the attack cost them up to £5,000, while a further 26% faced costs of between £5,000 and £50,000 associated with an attack. The threat is real.

As well as direct attacks on a company’s own infrastructure, manufacturers are facing an increasing risk of supply chain attacks. Recent examples include:

Vesuvius
The engineering firm experienced a breach in February 2023, when unauthorised users accessed its systems. Vesuvius produces ceramics used by the steel industry.
British Steel
In 2019, British Steel faced a cyber attack that disrupted its production processes, forcing the company to seek Government assistance and ultimately leading to its acquisition.
Cosma Casting UK
A subsidiary of Magna International, Cosma Casting UK, suffered a ransomware attack in 2019 that disrupted operations at its facility in Telford.
Honda Manufacturing
In 2020, Honda's manufacturing operations in the UK experienced a widespread network outage due to a cyber attack that targeted its network infrastructure.
Jaguar Land Rover
A cyber attack in 2017 on a major supplier to Jaguar Land Rover affected the automaker's production lines in the UK.

Challenges & Opportunities

Make UK’s ‘Makers’ Manifesto 2024’ highlights ambitions to boost the manufacturing sector’s proportion of UK GDP from 10% to 15% by the end of the next decade, driving an extra £142bn to the UK economy. While the manifesto points to digital infrastructure as a key driver for this growth, the UK manufacturing industry is at a crossroads when it comes to the growing complexity of infrastructure, the impact of legacy technology, and increased threat activity from sophisticated cybercriminals. 

One of the key difficulties facing UK manufacturing is securing intricate global supply chains, which often involve multiple international suppliers and partners. A cybersecurity breach in one part of the supply chain can have far-reaching consequences, leading to an increased risk of data breaches and intellectual property theft. 

This has prompted manufacturers to rethink their strategies and consider re-shoring suppliers. By bringing production closer to home, manufacturers are localising supply chains in an attempt to reduce exposure to cybersecurity risks associated with international partners. However, while this has the potential to enhance control and oversight over the physical production process, many of the most complex digital supply chain threats do not respect physical borders.  

In the face of these challenges, UK manufacturers are investing in resilience, placing cybersecurity at the centre of a holistic approach to managing risk. This includes not only safeguarding data and intellectual property but also preparing for potential disruptions to supply chain operations. 

As the industry continues to look for opportunities to invest in new tools and technologies, particularly those that will help it meet key sustainability goals, it is imperative that manufacturers navigate the increasing risks they face from the evolving cyber threat landscape.

Regulations & Compliance


Cyber Essentials is a simple, low-cost government backed scheme that allows manufacturers to demonstrate a robust approach to their cybersecurity. By implementing the five Cyber Essentials technical controls, an organisation protects itself against the most common internet-based threats. Going through the preparation and assessment process can ensure valuable information is protected from theft. Certification can also open new markets, help win new tenders and fulfil supply chain requirements from primes, many of whom are now mandating proof of cybersecurity.


From 29 April 2024, UK legislation mandates that manufacturers of UK consumer connectable products must comply with baseline security standards. The minimum security requirements are based on the UK’s Code of Practice for Consumer IoT security and on advice from the National Cybersecurity Centre (NCSC). The rules extend to all businesses involved in the supply chains of consumer connectable products sold to UK consumers and businesses. The government has published the full details of the legislative framework online, with far-reaching implications across the manufacturing sector.


The convergence of IT, IoT and OT environments has increased the complexity and vulnerability of previously isolated OT/ICS networks and newly designed cyber-physical systems (CPSs). This has introduced the need for a holistic, automated approach to asset discovery, risk assessment and downtime limitation. Gartner predicts that 70% of asset-intensive organisations will converge security functions across enterprise and operational environments by 2025.

Cyber Essentials is a simple, low-cost government backed scheme that allows manufacturers to demonstrate a robust approach to their cybersecurity. By implementing the five Cyber Essentials technical controls, an organisation protects itself against the most common internet-based threats. Going through the preparation and assessment process can ensure valuable information is protected from theft. Certification can also open new markets, help win new tenders and fulfil supply chain requirements from primes, many of whom are now mandating proof of cybersecurity.

From 29 April 2024, UK legislation mandates that manufacturers of UK consumer connectable products must comply with baseline security standards. The minimum security requirements are based on the UK’s Code of Practice for Consumer IoT security and on advice from the National Cybersecurity Centre (NCSC). The rules extend to all businesses involved in the supply chains of consumer connectable products sold to UK consumers and businesses. The government has published the full details of the legislative framework online, with far-reaching implications across the manufacturing sector.

The convergence of IT, IoT and OT environments has increased the complexity and vulnerability of previously isolated OT/ICS networks and newly designed cyber-physical systems (CPSs). This has introduced the need for a holistic, automated approach to asset discovery, risk assessment and downtime limitation. Gartner predicts that 70% of asset-intensive organisations will converge security functions across enterprise and operational environments by 2025.

Looking for cybersecurity peace of mind?

Conclusion

The continued use of legacy systems, a widening and unclear threat surface, and complex third-party supply chain risks are creating the perfect cybersecurity storm for manufacturers. Added to this, macroeconomic challenges, including ongoing cyber skills shortages, mergers and acquisitions, and increased digital transformation, all make it more difficult for manufacturers to defend themselves against cyber threats. 

Only through an integrated and strategic approach can organisations begin to grasp the opportunity of a properly planned cybersecurity roadmap. Using BlueFort’s standards-based framework of Continuous Cyber Discovery, Validation, and Control, we are able to help manufacturers navigate this minefield with simplicity and confidence.

BlueFort is the UK’s leading independent Security Solutions Partner (SSP). Using our unique combination of people and technology, we help manufacturers simplify their cybersecurity journey, optimise their IT environment, and protect their most valuable data. 

Designed to face the reality of modern cybersecurity, BlueFort’s tightly integrated security disciplines make security environments fit for purpose by prioritising assessment, consolidation and optimisation. 

We give you access to industry experts who have gone through the vetting, testing, and curation of exciting new technologies to help you cut through the noise of the cybersecurity market, and deliver proactive cyber market research and enhanced support.

See how BlueFort can help you simplify your cybersecurity

How we helped Barratt Developments with a challenge that faced them in this industry

With a growing number of workers outside the corporate perimeter, the Barratt team began looking into mobile security solutions to address the broad spectrum of mobile risk and played well with Microsoft tools.