Connected Devices manufacturing image_219100685_1440x720.png

Connected devices heighten manufacturing cybersecurity risks

ArticleAugust 17, 2025

Explore how manufacturers can protect production, innovation, and data from growing cyber threats in today’s digital landscape.
Share this

The stakes are high, with an estimated 6 billion malware attacks worldwide in 2023, a 9% increase over the previous year1. Midsize manufacturers, once considered lesser targets, are now increasingly targeted.  Attackers often exploit connected systems, causing disruptions or demanding ransom. Risk management requires mapping assets, securing firmware, and IT (Information Technology) /OT (Operational Technology) collaboration. Effective cybersecurity risk management can help manufacturers stay productive and resilient.

Cyber Risk for Manufacturing

The manufacturing industry is increasingly adopting advanced technologies such as Industrial Information of Things (IIoT) devices, robotics, and artificial intelligence to accelerate production and achieve company goals. However, these emerging technologies also introduce unforeseen cybersecurity risks. Protecting intellectual property while maintaining high productivity poses significant challenges for OT cybersecurity professionals.

According to CrowdStrike’s 2025 Global Threat Report2, manufacturing ranks as the third most targeted industry for cyberattacks through interactive intrusions. Threat actors often use hands-on techniques, leveraging stolen credentials and social engineering to gain access to networks. Once inside, they focus on disrupting business operations and data exfiltration, often as leverage for ransom payments or industrial sabotage motivated by political reasons.

Manufacturing Cybersecurity Considerations

Industrial manufacturing systems encompass a wide range of technologies, from end-of-life or unsupported systems essential for bespoke processes to cutting-edge IoT edge devices and digital twins. A critical difference between IT and OT systems is that OT systems are typically autonomous and run on proprietary software, whereas IT systems are connected and operate on standard operating systems like Windows. Connecting OT and IT systems can increase efficiency, but also elevates cyber risk as threat actors can infiltrate IT systems and move laterally into OT environments.

Effective cybersecurity in manufacturing requires collaboration between IT and OT teams, often involving local plant operations managers. Authority issues may arise when deciding whether to take equipment offline for security reasons or install advanced cyber risk software to monitor all environments.

Reducing Manufacturing Cybersecurity Risks

The first step in developing an effective IIoT risk-reduction strategy is mapping all technology assets in the OT environment that connect to the internet. This includes conducting a risk-based analysis for each asset, classifying systems as high risk based on their criticality to business functions and potential threats, such as unsupported software.

Key equipment vulnerable to attacks includes industrial control systems, open platform communication systems, wireless sensors and cameras, internet-connected HVAC systems, and utility control systems. Cybercriminals can exploit even wireless office equipment, like printers, to trigger production line shutdowns or deliver ransomware demands.

Manufacturers must develop protocols to ensure firmware installed in new production and control equipment, such as a robotic welder, is free from malware. Malicious software can be embedded in operating systems and remain dormant until triggered by other devices on the network.

Finally, production facilities need customized intrusion-prevention software capable of responding to software anomalies and abnormal behavior of operational equipment, such as robots and other connected hardware, which might signal a cyber event.

The Rise of IoT and IIoT in Manufacturing

The IoT is rapidly expanding, with predictions that the number of connected IoT devices will reach 125 billion by 20303, resulting in billions of zettabytes of data. While IoT offers tremendous benefits, it also introduces significant cybersecurity and privacy risks. For manufacturers, the IIoT magnifies these risks as more network-connected devices are integrated into industrial operations.

IIoT devices in manufacturing, such as sophisticated robots and smart sensors, share vulnerabilities with consumer IoT devices. The key challenge is that formerly standalone equipment is now network-connected, increasing efficiency but also opening new entry points for cybercriminals. Newly acquired IIoT devices can be compromised during manufacture, allowing them to unleash dangerous code into a network as soon as they go online.

Effective Risk Management

Effective risk management begins with a clear understanding of the nature and scope of the risks faced. Bringing together IT and operational personnel to understand each other’s issues and identify protective measures is crucial. Identifying vulnerable equipment, ensuring malware-free firmware, and deploying customized intrusion-prevention software are key steps.

Understanding the threats associated with both IT and OT systems can help manufacturers reap the benefits of new technologies while protecting productivity, property, and people against cyberattacks.

Learn more about Zurich’s cyber products and services.

  1. Statista Number of malware attacks per year 2023| Statista
  2. CrowdStrike 2025 Global Threat Report
  3. IHS Markit https://cdn.ihs.com/www/pdf/IoT_ebook.pdf

 

Related Industries

Related products and solutions

The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute advice (particularly not legal advice). Accordingly, persons requiring advice should consult independent advisors when developing programs and policies. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods or safety suggestions contained herein. We undertake no obligation to publicly update or revise any of this information, whether to reflect new information, future developments, events or circumstances or otherwise. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these policies and procedures ensure coverage under any insurance policy. This article was developed with the assistance of generative AI technology. While every effort has been made to ensure the accuracy, timeliness, and relevance of the information presented, AI-generated content may occasionally include errors, inconsistencies, or outdated material. This content is intended for general informational purposes only and should not be considered a substitute for professional, legal, or expert advice. Readers are encouraged to use their own judgment and consult qualified professionals when making decisions based on this information.