In 2025, cybersecurity has vaulted to the forefront of manufacturing's most urgent concerns, according to the 10th Annual State of Smart Manufacturing Report from Rockwell Automation. As factories worldwide accelerate their adoption of artificial intelligence (AI), automation, and interconnected digital systems, the sector faces a perfect storm of new vulnerabilities, making cybersecurity not just a technical issue but a critical business imperative.
This year's survey, which gathered insights from over 1,500 manufacturing leaders across 17 countries, paints a picture of an industry under pressure. Economic uncertainty, supply chain disruptions, and workforce shortages are driving a rapid pivot toward innovative manufacturing technologies. Yet, as manufacturers race to modernize, cybersecurity has surged to the second-highest external obstacle to growth, trailing only inflation and economic headwinds.
Digital Convergence Increasing Manufacturing Risk
The risks are not theoretical. Manufacturing now accounts for 21% of global ransomware attacks, making it more than three times as likely to be targeted as other sectors. The sector's interconnected IT and operational technology (OT) networks are increasingly exposed, with 83% of manufacturers reporting undocumented external connections—a statistic that underscores the scale of the challenge. These connections, essential for modern production, also create new entry points for cybercriminals.
Third-party access has emerged as a particularly acute vulnerability. The 2025 Ponemon Report found that 42% of manufacturing breaches last year were directly linked to third-party access issues, a figure that has climbed sharply and now represents a significant source of risk for the industry. As manufacturers rely more on vendors and partners for everything from supply chain management to AI-driven analytics, each new connection becomes a potential weak link. The consequences are costly: the average breach now costs manufacturers $5.5 million—13% above the global average—with regulatory fines, data loss, and revenue impacts compounding the damage.
Rick Kaun, vice president of solutions at Rockwell Automation's Verve Industrial, says manufacturers are prioritizing cybersecurity more now than in past years. "The threats are more targeted, the stakes are higher, and the OT workforce is stretched thin," Kaun says. "The plant floor has become a hyper-connected ecosystem — sensors, legacy PLCs, cloud interfaces — and attackers know it. The stakes are high because downtime hits revenue and safety, and manufacturers are finally recognizing that "air-gapped" is a myth," he says.
Manufacturers Need Comprehensive Security Programs
Hollie Hennessy, principal analyst of IoT cybersecurity at the research firm Omdia, says manufacturers aren't necessarily focusing more on security because of AI. Still, an increased security focus is driven heavily by regulatory mandates and the growing number of manufacturing cybersecurity incidents, as many manufacturers have witnessed their peers become breached. "There are high-profile breaches that have happened in the manufacturing industry which can shine a light on the need to invest in security. Regulation is also emerging in this space, given that some manufacturing industries will be and are subject to critical infrastructure regulations," Hennessy explains.
Yet, the integration of AI does introduce new risks to manufacturers. The "black box" nature of many AI algorithms can obscure vulnerabilities, making it more challenging for security teams to detect breaches within complex machine learning models. Further, the proliferation of generative AI tools in the workplace creates fresh exposure points. Sixty percent of manufacturers report that they cannot effectively monitor employee use of these tools, raising concerns about sensitive data potentially leaking into public AI models without proper oversight. Shadow data—information stored outside formal management policies—poses new risks.
In response, manufacturers are investing heavily in multi-layered defenses. Many are adopting zero-trust architectures, enhancing vendor risk management, and automating patching and monitoring for edge devices.
Anna Ahrens, principal research analyst at Omdia, explains that manufacturers must understand that cybersecurity isn't going to be simply an "IT" or "OT" matter. "What manufacturers need are people who understand cybersecurity in a manufacturing environment and manufacturing processes. They need to have an extended understanding of OT environments, cybersecurity expertise for both IT and OT networks and devices, and a deep understanding of the cybersecurity frameworks applied in manufacturing, such as NIST, IEC 62443, and risk assessment. Cross-domain expertise - the ability to bring OT and IT teams and tools together and change management skills should be a prerequisite for this position," Ahrens says.
Kaun agrees and says that while AI is driving new cybersecurity investments, that investment will "only be effective if paired with OT-specific context. We caution clients against leading with technology. AI should amplify risk models, not define them. If it can help manufacturers better detect dormant accounts, identify misconfigurations, or prioritize patching based on asset criticality, then it's doing its job. But without that foundation, AI is just noise at scale."
Unfortunately, the scale and complexity of the threats manufacturers face will continue to grow as their dependence on digital systems grows, and the takeaway is that cybersecurity is now inseparable from the future of manufacturing. As companies continue their digital transformations, the ability to secure not just production lines but entire ecosystems of data, vendors, and AI-driven processes will define the winners and losers in the next era of industrial competition. For manufacturers, the race is on—not just to innovate but to defend.
