As U.S. manufacturing firms weather a constant barrage of cyberattacks, the various industries in that sector — which underpin everything from military readiness to everyday necessities — are banding together to learn from past incidents and boost their collective defenses.
Even as other critical infrastructure sectors like energy, healthcare and telecommunications receive more attention from most policymakers, cybersecurity firms have repeatedly found that manufacturing is the most targeted of the 16 critical infrastructure sectors recognized by the U.S. government. Hackers see manufacturers as especially enticing victims, because they make and store sensitive intellectual property, operate businesses that can’t afford interruptions and rely on complex supply chains. For those same reasons, industry leaders, cybersecurity experts and government officials increasingly warn that both U.S. national and economic security depend on protecting the heavily besieged manufacturing sector.
“Cyber disruptions can halt production, delay infrastructure projects, and create cascading supply chain impacts without causing physical damage,” said Chris Grove, director of cybersecurity strategy at OT security firm Nozomi Networks.
Manufacturers would be important national assets to protect in any year. But amid growing tensions between the U.S. and China, experts see it as even more pressing to prevent hackers from crippling America’s production capacity. And as technological and operational trends increase the vulnerabilities that these companies face, the risks of a catastrophic cyberattack are quietly growing.
“If the attack hits a key market component,” Sean Tufts, field CTO at OT security firm Claroty, said, “it’s like having a hurricane hit an entire industry at once.”
Recent cyberattacks demonstrate the high stakes
Cyber threat intelligence reports of late have painted an alarming picture of the cybersecurity landscape facing manufacturers.
Ransomware gangs claimed more than 1,000 attacks on the sector over the past year, according to data from Palo Alto Networks. The average manufacturer faces about 1,585 attempted attacks per week, with overall attacks on the sector increasing by 30% year over year, the security firm Check Point Software said in an October report. And in the fourth quarter of 2025, manufacturing firms accounted for the largest share of claimed victims on dark web data-leak sites, according to researchers at Google Threat Intelligence Group.
Several major U.S. and international manufacturers suffered disruptive cyberattacks in 2025. Nucor, the largest steelmaker in the U.S., was forced to pause operations in May after an attack targeting its IT network. The company later confirmed that hackers accessed Social Security numbers, credit card information and other personal data, although it said the intrusion didn’t materially affect it financially. A more crippling attack hit British automobile giant Jaguar Land Rover in late August, forcing JLR to shut down manufacturing for weeks, and ultimately costing the British economy some $2.5 billion.
The cyberattack on JLR, which led to the theft of company data as well, was the single most financially damaging cyberattack in British history, according to the U.K.-based Cyber Monitoring Centre. The group estimated that the disruption affected more than 2,700 U.K. organizations.
“What makes the JLR incident notable is that the systemic impact arose from a single company’s operational shutdown, rather than a piece of software or shared platform failing simultaneously across many organizations,” Will Mayes, CEO of the Cyber Monitoring Centre, told Cybersecurity Dive after the group released its report on the incident.
A threat actor affiliated with the cybercrime groups Scattered Spider, Lapsus$ and ShinyHunters — whom researchers linked to a wave of social engineering attacks last year — eventually claimed credit for the attack.
While JLR’s and Nucor’s were the highest-profile cyberattacks in the sector, hackers have breached many other manufacturers over the past few years, including tire maker Bridgestone Americas, cleaning products giant Clorox, medical device-maker Masimo, aerospace and automotive-sensor supplier Sensata and building control system-maker Johnson Controls.
The disruptive effects of many of the recent attacks underscore the precariously configured manufacturing sector’s unique inability to tolerate downtime.
That fact has led to “a market consensus among threat actors … that manufacturing is the most reliable place to extract a profit,” said Anna Chung, principal threat researcher at Palo Alto Networks.
Moody’s analysts concur that manufacturing firms face a higher risk of ransomware attacks because they have limited ability to withstand significant disruptions.
“Attackers … see that as an added incentive for their victims to find a solution that would put them back online as fast as possible,” said Lesley Ritter, vice president at Moody’s.
Growing cyber risk of opportunistic and targeted attacks
The manufacturing sector faces major technical and economic challenges that complicate efforts to defend against cyberattacks.
One of the biggest challenges is the increasing convergence of information technology and operational technology networks. Manufacturing firms’ computer networks often encompass functions like payroll on the IT side and industrial functions like machinery operations on the OT side, as well as Internet of Things devices like surveillance cameras. It’s not difficult for hackers to jump between systems in those environments if they are not properly secured and segmented. “That convergence expands the attack surface and creates multiple entry points,” Grove said.
Manufacturers’ growing use of cloud platforms, mobile applications and Internet of Things devices also drives this convergence, as businesses connect devices and systems in untested ways, often without prioritizing the security of those links.
At the same time, visibility gaps between the security teams managing IT and OT sometimes make it harder for companies to quickly react when they discover hackers conducting reconnaissance or other early-stage cyberattack activity.
Manufacturers also face significant third-party risk, given their vast networks of suppliers and contractors. The JLR cyberattack began when hackers penetrated a major global outsourcer to which the carmaker had delegated many of its digital operations. “This happens all the time,” said Timothy Chase, the program director for the MFG-ISAC, the sector’s information-sharing group, which is housed within the nonprofit Global Resilience Foundation.
Manufacturing firms are also grappling with the dangers of legacy OT devices that vendors no longer support and that may be quietly accumulating security vulnerabilities.
“In some cases, there are no patches, because manufacturers don’t replace and update their systems at all,” said Sergey Shykevich, threat intelligence group manager at Check Point Software.
But a modernization rush carries its own risks: As companies rush to adopt artificial intelligence and cloud platforms, they are not always integrating security into those technologies.
Even when companies understand their security risks, they cannot always address them. Decades-long offshoring trends mean that U.S. firms have tighter financial margins than ever before. “Cyber is expensive, with limited ROI,” Claroty’s Tufts said. “CFOs are hesitant to spend.”
Bureaucracy can also hamper progress. Companies often assign the security of their corporate networks to experienced personnel at headquarters while leaving OT security in the hands of factory supervisors without “the expertise or investment to make the needed security upgrades,” Tufts said.
All of these challenges make cyber defense more difficult for the manufacturing sector, even as the threats grow more sophisticated.
“Manufacturing attacks are increasingly opportunistic, automated, and IT-originated, then moving laterally into OT,” Nozomi’s Grove said.
The year ahead is likely to bring even more serious threats. China is expected to increase its penetrations of U.S. critical infrastructure as part of a deterrence strategy to keep the U.S. from repelling its invasion of Taiwan. In the context of that strategy, manufacturing firms are prime targets for China because of their strategic importance.
“Cyber vulnerabilities in manufacturing directly affect U.S. national and economic security because the sector underpins critical supply chains, defense readiness, and industrial competitiveness,” Grove said.
But Chinese cyberattacks wouldn’t be limited to sabotaging weapons production or stealing fighter-jet blueprints. The manufacturing sector is also vital to everyday life, so even a prosaic attack could have devastating consequences. “A nation-state actor could target several of the [U.S.’s] paper pulping and toilet paper manufacturers to bring down operations,” the MFG-ISAC’s Chase said, “and for some time it could look like early days of the pandemic, with shortages, hoarding, et cetera.”
A major cyberattack on the manufacturing sector “could result in significant national economic impact and lengthy disruptions that cascade across multiple critical infrastructure sectors or regions,” Nick Andersen, the Cybersecurity and Infrastructure Security Agency’s executive assistant director for cybersecurity, said in a statement. Andersen said CISA “routinely engages” with manufacturing firms to discuss issues like the IT/OT convergence.
Joining forces across diverse market segments
To confront growing threats, manufacturing companies have teamed up through the MFG-ISAC, which hosts events and distributes guidance to members.
“Customers view peer collaboration as one of the most effective defenses they have,” Grove said. “Manufacturers trust information coming from peers who face the same operational realities.”
In 2025, the MFG-ISAC partnered with Google Cloud on an in-person tabletop exercise, convened a working group that produced a cyber-incident response playbook and co-organized an OT training course with the security firm Dragos. Dozens of companies have participated in that program, Chase said. The ISAC also manages an OT discussion group through which member firms can plan shared responses to sector-wide challenges, such as the difficulty of securely monitoring remote facilities.
This year, Chase said, the ISAC is planning another in-person tabletop exercise, as well as an expanded range of guidance documents and services for managing OT threats. The organization is also creating new working groups to address the priorities of its growing membership base. One of the groups will bring together manufacturers who need to meet the Defense Department’s new Cybersecurity Maturity Model Certification standards and want to discuss implementation challenges.
Within the manufacturing sector, “there’s a strong understanding that collaboration benefits everyone,” Tufts said. “MFG-ISAC provides a trusted environment where even competitors can share failures and success.”
That collaboration will be essential for improving the security posture of a highly diverse sector, in which many different industries share overlapping vulnerabilities and concerns. The MFG-ISAC’s members include everything from pharmaceutical giants and food companies to businesses that make home heating and plumbing appliances. A recent Dragos report tallied 26 distinct manufacturing subsectors. “The diversity in manufacturing … can make it a challenging sector to help facilitate collective defense,” Chase said.
Cyber readiness varies widely throughout the sector as well, according to Chase. Some companies still don’t realize that they could be the target of nation-state hackers, while others recognize that they are vulnerable but misunderstand the risks they face, whether ransomware or intellectual property theft. In some cases, Chase said, business leaders also underestimate the impact of certain threats — for example, seeing a ransomware attack as mostly an IT concern, without realizing how their production environment depends on those IT systems.
“The recognition of the importance of both IT and OT cybersecurity is increasing across the manufacturing sector,” Chase said, “but there is much more work to be done in education and in helping resource security teams with relevant threat and vulnerability information to secure their own environments.”
In the U.K., the National Cyber Security Centre has strengthened its commitment to help vital industries better prepare for malicious attacks by state-linked adversaries and criminal hackers. Its latest annual review, released in October 2025, warned that critical infrastructure sectors were under increased threat of disruptive cyberattacks.
In connection with the report, authorities wrote directly to top corporate executives at the Financial Times Stock Exchange (FTSE) 350, urging them to take board-level action to prepare for cyber threats and protect their supply chains.
NCSC also meets regularly with cybersecurity leaders from key sectors, including manufacturing and automotive, to share threat intelligence and best practices, officials familiar with the process told Cybersecurity Dive.
Experts said manufacturers would benefit immensely from implementing a handful of key network improvements, including expanding asset visibility across IT, OT and IoT; prioritizing the most impactful vulnerabilities; segmenting networks to limit the consequences of a single attack; and minimizing the internet exposure of unpatchable systems. Security specialists also recommended that manufacturers restrict and supervise third-party suppliers’ network access and develop and test incident-response plans.
That final recommendation, often neglected by busy companies, could prove to be the most important one. “You must have a plan ahead of time,” Chase said, “and you must exercise that plan with all relevant stakeholders.”
