November 17, 2025 Cyber Resilience and Business Impact in Manufacturing

Manufacturers face rising AI and supply chain threats, challenging business leaders to prioritize cyber resilience.

By Kory Daniels, Chief Security & Trust Officer at LevelBlue

When manufacturing organizations are disrupted, the global economy and supply chain across businesses and consumers can be immediately impacted, followed by longer term effects. From energy and transportation to healthcare and consumer goods, nearly every sector depends on its efficiency. It’s also one of the most targeted industries for cyberattacks, with 37% of executives reporting a significantly higher volume of attacks than last year.

The threat landscape has grown even more complex with the rise of artificial intelligence, supply chains, and geopolitical tensions. Threat actors are now using AI to automate phishing, craft deepfakes, and exploit vulnerabilities faster than organizations can respond, forcing manufacturers to rethink how they protect critical systems.

LevelBlue’s latest research, Spotlight Report: Cyber Resilience and Business Impact in Manufacturing, examines how industry leaders are confronting these evolving risks and strengthening their defenses. This piece will explore the findings, where organizations are falling short, and how they can strengthen defenses against today’s dynamic risk environment.  

Evolving Threats: The AI Challenge

AI vendors promise manufacturing organizations unprecedented levels of efficiency, optimized processes, and enhanced automation. However, AI has also become what is commonly called a force multiplier for threat actors, essentially allowing them to do more with less. Threat actors are now using AI to automate phishing campaigns, generate convincing deepfakes, and exploit vulnerabilities faster than human defenders can react.

The result is a widening gap between awareness and readiness. While 44% of executives expect AI-powered attacks and 47% anticipate deepfake or synthetic identity threats, only about one-third say they are prepared to defend against them.

Likewise, many manufacturers are underestimating how unregulated AI tools could pose a risk to their extended ecosystem. AI adoption is happening too fast for regulations, governance, or mature cybersecurity controls to keep pace, which expands the attack surface and increases exposure. Despite recognizing these risks, many executives remain confident about deploying AI technologies—often without sufficient safeguards in place. This disconnect between innovation and protection underscores the urgency for manufacturers to take a more proactive and adaptive approach to resilience.

The Supply Chain Blind Spot

If there’s one area where manufacturers remain especially vulnerable, it’s the software supply chain. Despite years of high-profile third-party breaches, visibility across supplier networks continues to lag. Our research found that 54% of manufacturing organizations have low to moderate visibility into their software supply chains, and only 26% say they are investing significantly in software supply chain security—a concerning gap, given that they can provide a major entry point for threat actors.

Supply chain issues pose a significant problem for all organizations, and the limited oversight is one of the most significant risks. If they are not properly secured, vulnerabilities in the software supply chain can provide entry points for threat actors. Once in, hackers can move deeper into a network, stealing credentials, gaining control of valuable systems, and pushing out malware, potentially to thousands of victims. And attacks like this can often go undetected until compromised software has been widely distributed. Our report reveals that many manufacturing executives do not see the risk. Few see unsupported software (18%), open-source libraries (13%), or insufficient visibility (19%) as high risks, yet these weaknesses often provide the foothold attackers need.

Improving supply chain transparency, verifying supplier credentials, maintaining software bills of materials, and conducting regular assessments must become central to any manufacturer’s cyber strategy. Prioritizing this area is critical for building resilience and protecting a company’s physical and intellectual property.

Aligning Cybersecurity with Business Strategy

Despite these challenges and shortfalls in some areas, manufacturers are making progress in shoring up their defenses. Across the industry, cybersecurity is increasingly being recognized as a core business function rather than a technical necessity.

Our data reveals that 68% of manufacturing executives say their cybersecurity teams are aligned with lines of business, and 65% report that leadership roles are tied to cybersecurity KPIs. These numbers, coupled with high-profile media reports and an increasingly complex threat landscape, are pushing cybersecurity higher on the corporate agenda, drawing greater attention from the C-suite, and prompting them to prioritize it.

This shift is helping organizations move from reactive defense to proactive resilience, embedding security into daily operations and innovation efforts. More than half of manufacturers (55%) now allocate cybersecurity budgets at the outset of new initiatives, ensuring that security is built in from the start. Another 69% say an adaptive approach to cybersecurity enables them to take greater innovation risks, and 70% are educating employees about social engineering tactics. These actions reflect an industry learning to view resilience not as a barrier to growth, but as a foundation for it.

It’s encouraging to see greater alignment between cybersecurity initiatives and organizational goals—but the data also shows that many manufacturers still face critical gaps. Corporate executive alignment and a proactive, adaptive approach remain essential to staying ahead of rapidly evolving threats.

The Road Ahead: From Awareness to Action

Of course, there is still work to be done. Less than half, 44%, of organizations report having an effective company-wide cybersecurity culture. The next phase of maturity will require both structural and behavioral evolution, where every employee, from the plant floor to the boardroom, plays a role in safeguarding operations.

Manufacturers should consider the following four key steps to strengthen resilience:

1. Prioritize governance to increase engagement throughout leadership, including the board, to make cyber resilience a core business requirement.
2. Partner with HR in fostering a cyber-resilient culture by practicing safe online behaviors at every level, continuous training, and making it easy to report threats.
3. Verify defense in depth. Be proactive and intentional by investing in cybersecurity measures to get ahead of risks, such as advanced threat detection and response, and exposure and vulnerability management technologies. It is equally important to engage external providers to enhance cybersecurity measures, advise on strategy, and provide you with training.
4. Perform a business impact analysis of key business processes. Prioritize supply chain resilience by verifying supplier security and conducting regular assessments.

The manufacturing sector is at a pivotal moment. AI-driven attacks, deepfakes, DDoS campaigns, and supply chain vulnerabilities are already reshaping the security landscape with adversaries evolving faster than defenses. But manufacturers are not standing still. By embedding cybersecurity into business strategy and culture, they can close the readiness gap and build the resilience needed to thrive in the next era of manufacturing.

About the Author:
Kory Daniels is Chief Security & Trust Officer at Trustwave, a LevelBlue company, where he has been spearheading initiatives in risk management, corporate resilience, strategic growth, and digital trust. For more than 5 years, Kory has led people, processes, and technology in effectively adopting ML, AI, and automation in Fortune 500 companies and adapting those approaches for the market.

Read more from the author:

A House Of Cards: Third-Party Risks Are Undermining Businesses Resilience Strategies | Forbes, 9/18/24

Digital Lifelines: Fortifying Healthcare’s Cybersecurity Amid Budget Cuts | HIT Consultant, 07/14/2025

6 Steps to Counter Fourth-Party Supply Chain Vendor Attacks | Trustwave, a LevelBlue company blog, 9/23/25

The Cost of Inaction: Securing the Energy Grid Before It’s Too Late | LevelBlue blog, 9/18/25

Subscribe to Industry Today