The start of 2025 has offered a stark warning to UK manufacturing: the cybersecurity threat to the sector is not going away, but is multiplying.
On January 28th, UK engineering giant Smiths Group informed the London Stock Exchange that it had detected “unauthorised access” in its systems.
In a short notice to the exchange, Smiths Group – whose operations span 50 countries across a range of sectors – said it “rapidly isolated affected systems and activated business continuity plans” after it detected the activity. The company did not say when exactly the incident occurred, which systems were impacted or if ransomware is involved.
“Smiths is working with cyber security experts to recover affected systems and determine any wider impact on the business,” they said. “The Company is taking steps to comply with all relevant regulatory requirements. An update will be provided as and when appropriate.”
Cybersecurity Risks Facing UK Engineering Firms
Just a week later, it emerged that Birmingham-based engineering group IMI had also been subject to a cyber attack. The FTSE-100 firm said the incident involved unauthorised access to its systems, but gave no further details.
"As soon as IMI became aware of the unauthorised access, the company engaged external cybersecurity experts to investigate and contain the incident. In parallel, the company is taking the necessary steps to comply with our regulatory obligations," it said.
The attack is believed to have affected the company's systems globally – IMI currently operates in 50 countries across the US, Europe, and Asia. It specialises in designing, building, and servicing fluid and motion control applications.
Cybersecurity in Manufacturing: A Growing Concern
Sadly, these are far from being isolated incidents. 2024 was the worst year on record for attacks on UK commercial organisations, according to a recent analysis by specialist business ISP Beaming.
The most frequent targets were remotely-controlled IoT devices, with more than 161 daily attacks targeting applications such as building control systems, security cameras, networked printers, remote monitoring software, and industrial automation systems. Overall, UK firms experienced an average of more than 753,341 malicious attempts to breach their online and IT systems – a little up on 2023, which was itself a record year. Businesses were encountering a new online threat every 42 seconds on average.
The Rising Threat of Cybersecurity Attacks on Manufacturing Operations
Late last year, the new head of the National Cyber Security Centre (NCSC) warned that organisations were underestimating the risks from cyber criminals and hostile states. Organisations were urged to do more to implement NCSC advice, guidance, and frameworks.
This is a global problem, of course. In February 2024, five production plants at German battery manufacturer Varta came to a grinding halt because a cyberattack had infiltrated its operational technology (OT) systems, forcing the company to disconnect critical infrastructure. Just a few months later, U.S.-based forklift manufacturer Crown Equipment suffered a similar fate, with a breach disrupting manufacturing operations across multiple sites.
Why Manufacturing Is a Popular Target for Cyber Attacks
The engineering and manufacturing sector is a popular target for cybercriminals, as well as nation-state hackers, because of the economic importance of the companies involved and the often sensitive nature of the work. In August, the Swiss industrial welding and machine manufacturer Schlatter Group investigated a “criminal cyberattack.”
Of course, with increased connectivity comes increased exposure to this risk. Nathan Charles, customer success manager at cybersecurity specialist OryxAlign, explains that cybercriminals are no longer just targeting IT networks; they're targeting the robots and industrial equipment that keep factories running.
“While Industry 4.0 focused on automation, IoT and data-driven smart factories,” he says, “Industry 5.0 shifts towards greater human-machine collaboration, sustainability, and resilience. Instead of replacing human expertise, advanced robotics and AI are being integrated to work alongside people. Smart factories now use cloud-connected robotics, sensors, and IoT devices to drive innovation, but this heightened connectivity also increases vulnerability to cyber threats, making robust OT [Operational Technology] security more critical than ever.”
The Impact of IT/OT Convergence on Cybersecurity
Manufacturing operations that once relied on isolated, air-gapped systems are now highly networked. A single breach can cause catastrophic disruption, halting assembly lines, corrupting product quality or even compromising intellectual property.
Cybercriminals are exploiting OT vulnerabilities for two primary reasons: financial gain and industrial sabotage. Ransomware attacks on manufacturing firms are highly lucrative, with downtime costs reaching as high as millions per day, forcing businesses to pay to regain control of their systems. Attacks on production lines can subtly alter robotic functions, leading to defective products or compliance failures that go undetected until costly recalls are required.
Manufacturers Need Specialised OT Cybersecurity Strategies
Says Charles: “Manufacturers often assume their IT security tools, i.e. their firewalls, endpoint detection, and antivirus, will extend to OT environments. They won’t always. Unlike IT systems, most OT environments were never designed with cybersecurity in mind. Many factories operate on outdated control systems that are incompatible with modern security protocols. OT networks prioritise uptime over security, meaning vulnerabilities remain unpatched for long periods to avoid disrupting production.”
The increasing convergence of OT and IT networks further complicates security, allowing a single breach to cascade across both environments. As a result, manufacturing plants are highly susceptible to cyberattacks, often without realising it until the damage is done.
The Importance of Cybersecurity in Manufacturing Today
This IT/OT convergence is playing a central role in the increase in cyber attacks. In fact, 75% of cyber incidents in manufacturing over the past year targeted integrated IT and operational technology systems – putting critical industrial equipment at serious risk.
Unfortunately, while 70% of OT systems will be connected to corporate IT within the next year, only 19% of manufacturers are advanced in securing these systems, according to the NIST Cybersecurity Framework. What's even more alarming is that only 45% of manufacturers are prepared for converged IT/OT.
New Cybersecurity Regulations for Manufacturers
For some manufacturers, addressing this issue will soon be mandatory. Manufacturers of internet-connected devices such as smart speakers and gaming consoles are being encouraged to act now to meet impending market access requirements around cybersecurity, or risk losing access to the EU market.
As recently as February, BSI urged all manufacturers of internet-connected devices to consider cybersecurity testing activities as the Radio Equipment Directive (RED) Delegated Act deadline approaches.
Designed to enhance the cybersecurity of certain products, the European Commission has adopted a Delegated Act (Regulation (EU) 2022/30) which updates the EU Radio Equipment Directive (RED). This Act introduces requirements to ensure network protection by preventing radio equipment from interfering with network performance or misusing resources. It also brings in safeguards to protect users' personal data and privacy, and includes features to guard against fraud.
From 1 August 2025, these enhanced cybersecurity requirements will become mandatory for all companies selling into Europe. Although they will not apply to those selling into markets including the UK, US, or China, in reality, this means most global businesses will need to meet the requirements.
The Evolving Cybersecurity Threat Landscape in Manufacturing
This does nothing to protect existing systems and structures, however, which remain dangerously exposed. Trustwave, a leading cybersecurity and managed security services provider, has released a series of reports detailing the threats facing the manufacturing sector. As manufacturers increasingly integrate digital systems and physical infrastructure, the sector has become a prime target for cybercriminals aiming to disrupt production, steal intellectual property, and cause widespread damage.
Trustwave SpiderLabs has produced two in-depth analyses focused on the most pressing concerns in the sector: the growing risks associated with IT/OT convergence and the evolving methods threat actors use to target manufacturers. These reports offer detailed research and actionable risk mitigation strategies, providing manufacturers with a clear understanding of the current threat landscape.
“The manufacturing industry is embracing new technologies and ways of working that are driving efficiency, productivity, and innovation speed,” said Kory Daniels, CISO at Trustwave. “It’s exciting to see AI-powered machines, smart factories, digital twins, and 3D printing in action, but it's impossible not to consider the potential risks. This isn’t just about data breaches anymore—compromised systems can lead to production shutdowns, environmental disasters, and even worker injuries. Rapid innovation demands red teaming and testing to keep up with the pace, or we risk inadvertently prioritising business benefits over known risks.”
Conclusion: Securing Cybersecurity in Manufacturing
The report highlights the increasing complexity of cybersecurity in manufacturing, driven by the sector’s reliance on interconnected systems that span shop floors, enterprise networks, and supply chains. The integration of IT and OT introduces multiple new attack vectors, making manufacturers vulnerable to a wide array of cyber threats. These include ransomware attacks that disrupt production and data breaches that expose valuable intellectual property.
Even more critically, security incidents involving OT systems can have dire safety consequences. A compromised industrial control system (ICS) could lead to dangerous malfunctions, hazardous material releases, or even physical injuries on the production floor.
Says Nathan Charles: “To combat the growing cyber threat, manufacturers need specialised OT cybersecurity strategies, not just IT security retrofitted onto industrial environments. OryxAlign is at the forefront of this effort, providing advanced security solutions tailored for industrial automation.”
The threat landscape is evolving rapidly, with cybercriminals weaponising AI to automate attacks. But defenders are responding in kind, leveraging AI-driven security systems to predict and prevent breaches. Governments are also stepping in, tightening regulations for OT cybersecurity under frameworks like the UK’s NIS 2 Directive. For manufacturers, cybersecurity must be embedded into automation strategies from the ground up.