Skip to main content
Get support

The cyber threat: what manufacturers need to know to build cyber resilience

Published: 22 June 2026

As digital technologies increasingly shape how manufacturers operate and collaborate, cyber security is becoming a defining issue for supply chain resilience across the West Midlands. What was once viewed as a purely IT concern is now a strategic operational challenge, particularly for manufacturers whose production systems rely on complex, interconnected technologies.

Professor Zeeshan Pervez

Through the Supply Chain Transition Programme, delivered by the West Midlands Investment Zone, manufacturers are being supported to rethink how resilience is built into their supply networks, not only in terms of efficiency and sustainability, but also in their ability to withstand and recover from cyber disruption.

To understand what cyber resilience truly looks like in a manufacturing context, we spoke with Professor Zeeshan Pervez, a leading cybersecurity expert at the University of Wolverhampton.

What does cyber resilience look like in a manufacturing business, beyond basic cyber security, and why does it need to cover both IT and operational technology?

“Conventional cybersecurity focuses primarily on protecting data, networks, and IT systems from unauthorised access or breach,” explains Professor Pervez. “In manufacturing, however, the stakes extend far beyond data.”

A successful cyber-attack can halt production lines, disable safety critical machinery, or corrupt operational technology (OT) systems that control physical processes. Despite this, many organisations still treat IT and OT security as separate disciplines with separate ownership.

“Cyber resilience in manufacturing means building the capacity to absorb disruption, adapt under pressure, and recover quickly – not simply prevent intrusion,” he says. This requires integrating IT security with OT environments such as industrial control systems (ICS), SCADA platforms, and programmable logic controllers (PLCs), many of which were never designed with modern cyber threats in mind.

“In reality, IT and OT must be treated as a single, interconnected attack surface, because in a manufacturing environment, a breach in one almost always creates risk in the other.”
How do cyber risks in manufacturing differ from those in office-based sectors such as professional services or finance?

“In office-based sectors, a cyber incident typically disrupts access to data or systems, but rarely creates immediate physical safety concerns,” Professor Pervez notes. “On the factory floor, the consequences are fundamentally different.”

Attacks targeting production controls, robotics, or legacy machinery can cause physical damage, create health and safety hazards, and trigger cascading failures that take days or weeks to resolve.

“Legacy industrial equipment – often decades old and unsupported by modern security patches – sits at the heart of many manufacturing environments. This combination of physical consequence, ageing systems, and tightly coupled production schedules results in a cost profile that few other sectors face.”

Which cyber threats are especially significant for manufacturers today?

Manufacturers face an expanding threat landscape, including ransomware, IoT-based attacks, remote supplier compromise, and exploitation of legacy systems.

“Ransomware remains particularly disruptive for sectors where downtime carries immediate financial consequences,” says Professor Pervez. “Manufacturing is also uniquely exposed due to globally sourced machinery, multi tier supply chains, and varying levels of cyber maturity across suppliers.”

Supplier access points are often a weak link, and skills shortages continue to limit organisations’ ability to detect and respond effectively.

“A lack of standardised cyber training across vendors and contractors significantly increases inconsistency in security posture,” he adds.

What are the most common weaknesses you see in manufacturing firms, and where should leadership focus first?

“One of the most fundamental weaknesses is confusing cybersecurity with cyber resilience,” Professor Pervez explains. “Cybersecurity is about protection and prevention; cyber resilience is about being prepared for attacks that inevitably get through.”

“Human factors remain the most persistent vulnerability, with skills gaps from shop floor to boardroom. Meanwhile, attackers are increasingly using AI to automate exploitation and deliver more convincing attacks.”

“Leadership teams should focus first on treating cyber risk as a strategic business issue,” he advises. “That means investing in continuous staff awareness and ensuring incident response plans are tested, not just written. The question is no longer whether an attack will occur, but whether the organisation is ready to respond.”

How can manufacturers balance protecting critical systems with maintaining operational continuity?

“This requires a shift in mindset,” says Professor Pervez. “Cyber resilience is an operational responsibility shared across the entire business – not a technical task delegated solely to IT.”

He recommends embedding cyber considerations into procurement, supplier contracts, and change management processes, alongside introducing scheduled maintenance windows for patching and updates.

“Deferring updates out of fear of disruption creates far greater long-term risk,” he warns. “Equally important are routine cyber drill exercises, similar to health and safety drills, so teams know exactly how to respond under pressure. Resilience is built through repetition and rehearsal, not policy documents.”

What practical steps should manufacturers prioritise in the first 6–12 months?

According to Professor Pervez, the starting point is visibility. “Manufacturers need a clear understanding of all IT and OT assets, including legacy systems and third party connections.”

This should be followed by targeted skills assessments, baseline monitoring and detection capabilities, and the development of a tested recovery plan. “Integrating cyber resilience into governance ensures continuous improvement, rather than one off compliance,” he concludes.

As manufacturers across the West Midlands navigate supply chain transition, the message is clear: cyber resilience is no longer optional. It is a fundamental enabler of operational stability, customer confidence, and long term competitiveness.

By embedding cyber resilience into supply chain strategy today, West Midlands manufacturers can protect productivity, safeguard people, and build a more secure and sustainable future.

Programmes such as the Supply Chain Transition Programme play a vital role in helping businesses understand and manage these risks, funded through the West Midlands Investment Zone and the West Midlands Combined Authority, the programme provides one-to-one specialist coaching, technical advice tailored to individual participating companies, leadership training, and access to research and development funding.

Get involved by filling out the expression of interest form

Upcoming free events for West Midlands businesses

Business Advisers chatting at a meeting
  • Funding & finance

Tuesday 23 June 2026

Making sense of financial jargon

Learn how to manage business finances, meet legal requirements, and choose the right legal structure with confidence.
Business Growth Service logo
  • Networking
  • Business support

Wednesday 24 June 2026

UK-India Roadshow 2026

Ready to grow your business in one of the world’s fastest‐growing major economies?
Closeup of somebody completing a paper application form
  • Funding & finance

Wednesday 24 June 2026

Getting your business investment ready

Learn how to scale-up your business.