Cyber adversaries are judicious when selecting their victims, drawn to targets with the richest treasure and the most exposure, and manufacturing makes the grade for cyber criminals because of the value of the industry’s intellectual property, and due in large part to supply chain vulnerabilities, there are plenty of points of entry.
As part of a larger cross-industry study, LevelBlue surveyed executives in 220 manufacturing companies to gauge the state of their cyber resilience strategies in the era of AI-driven threats and other risks. The research found that while awareness about the threat environment is high, preparedness, especially for AI-driven attacks, is not.
Manufacturing executives are not ready for cyberattacks
Only 32% of manufacturing executives are ready for AI-powered threats, even though 44% expect them to occur. Just 30% said their organisation is prepared for deepfake attacks, even as 47% are anticipate them.
Some 37% say they are seeing a significantly higher volume of attacks, while on the supply chain front, 54% admitted to having a very low to moderate visibility into their supply chains.
Just 26% said working with their software suppliers to vet their credentials will take precedence in the next year. In spite of the fact that 28% of manufacturing executives say their organisation suffered a breach in the past 12 months and more than one-third are expecting that attack volume increase, 51% said they are highly or very highly competent to protect their enterprise against threat actors. Similarly, 55% gave themselves the same competence when it comes to implementing and using AI to enhance cybersecurity.
Overoptimism of ability to meet threats
The contradiction between this high level of confidence in their own competencies and their preparedness for AI-driven and other types of attacks points to potential overoptimism that adversaries could easily exploit.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataHowever, there are also signs that some of the traditional internal organisational cybersecurity challenges in manufacturing are being addressed.
Some 68% described their cybersecurity team as being aligned with lines of business, while 65% of those in leadership positions are assessed against cybersecurity KPIs, which is higher than the cross-vertical results (60%).
No less than 70% are engaged in end-user education on social engineering, again higher than the entire sample (62%).
Security training in manufacturing companies
Manufacturing companies are also more willing to engage third-party security providers for security training and awareness than in the past, and 38% said that they will augment their own internal resources with external training support in the next two years, versus the 30% that have engaged with a third-party in the last year.
Manufacturing organisations are investing in cybersecurity to prepare for emerging threats, and top priorities are machine learning for pattern matching (71%); cyber resilience processes across the organisation (69%); GenAI to combat social engineering attacks (64%); application security (67%) and enhanced supply chain security (63%).
While investment is important, awareness, pragmatism, and solid policy execution are essential. Without these, there is no way for any enterprise to mount an effective defense against cyber adversaries.
