May 11, 2026 From Factory Floor to Firewall: Manufacturing Security

New trends for manufacturers to prepare their enterprises for convergence, as it becomes an operational reality.

By Jeff DiDomenico, VP of Strategic Development, Trackforce

Manufacturing has been the most targeted industry for cybersecurity attacks for five consecutive years, accounting for 27.7% of incidents in 2025. Even as manufacturers modernize operations through connected equipment, networked facilities systems, and more data-driven production environments, around 85% to 90% of organizations still operate in IT and OT silos.

This shift toward more connected and data-driven operations has improved visibility and efficiency, but also reshaped risk inside industrial facilities. A badge reader, camera, visitor management workflow, or remote support credential is no longer just a facilities concern. Industry experts are beginning to outline what stronger coordination should look like, including baseline response standards and the operational practices manufacturers may need as physical and cyber security continue to converge.

Where Manufacturing Security Stands Today

Manufacturers need a clear view of where their security programs are starting from, as the industry is not moving at one uniform pace. Some organizations have already addressed foundational cybersecurity controls, but now face questions surrounding segmentation, uptime, and cross-functional coordination. Others are still working through basic visibility, access, and credentialing gaps that can become more serious as physical and digital systems become progressively connected.

Organization size often shapes those differences. Larger enterprises may have more mature security programs, but they also have multifaceted environments where changes can disrupt production. Smaller manufacturers may have simpler operations, but limited resources and a false sense of reduced risk can leave critical gaps unresolved. In practice, the industry tends to fall into two broad groups:

1. Large enterprises: Many have tackled basic cyber hygiene issues, but struggle to implement segmentation without disruption.
2. Smaller organizations: Many underestimate their risk profiles because of their size. Intermittent access controls, limited asset visibility, and poor credential discipline create exposure, especially when leaders assume they are too small to be targeted.

While this represents a current snapshot of the industry, risk is constantly moving, and insurer expectations are rising. Underwriters are demanding more operational evidence to defend against negligence allegations, spanning from regulated incident capture to deterministic response protocols and time-stamped activity logs. This reality extends beyond compliance; it reflects what is now needed to remain viable in a world where physical and cyber threats intersect. For this reason, leading manufacturers are predicting which safety trends are likely to shape the industry, implementing protections against threats before they disrupt execution.

Each of the five trends below shows how cyber-physical convergence is forcing manufacturers to make security more coordinated, measurable, and closely tied to continuity. Together, they point to a practical path forward.

Trend One: Rethinking Segmentation for Operational Continuity

Many industry leaders are noticing that preventing system disruptions begins with reducing threat susceptibility. While most enterprises have established controls, they often fail to address ransomware attacks without compromising uptime. Recent public data reflects this, with ransomware complaints rising 9% year over year.

Manufacturers must shift their mindsets to reduce these threats. Too often, they focus on the breach or the attacker’s sophistication. However, they overlook the day-to-day operational realities that made them vulnerable in the first place. 

Enterprises seeking to limit exposure are gradually phasing in segmentation changes while accounting for OT involvement. Combined with tightened identity discipline, a living asset inventory, and a clear threat landscape, these organizations position themselves to maximize their defensive posture.

Trend Two: Strengthening the Human Layer of Security

Industry insights show that creating identity discipline often goes hand in hand with increased segmentation, limiting exposure by closing the digital and physical security gaps prevalent across the sector.

Third-party touchpoints, such as contractor badges, shared accounts, and remote support credentials, are emerging as a primary source of these gaps. Firms that fail to time-bound these access points typically open the door to physical-to-digital targeting. Insurers view this practice as an easily controlled gap, and remedying it is often necessary to prevent coverage creep.

In response, leading enterprises are establishing an identity-and-access baseline with measurable user controls. This means badge provisioning, visitor approvals, and contractor windows for all digital access points. By minimizing the attack surface, organizations can improve communication practices, allowing them to concentrate instead on common breakdowns at domain boundaries.

Trend Three: Eliminating Friction Across Security Domains

Once manufacturers strengthen their security posture, many enterprises turn to coordinated responses between different domains. A common strategy is to reduce issues during physical-cyber handoffs.

Handoff issues usually arise from conflicting priorities: OT focuses on uptime, while IT navigates risk reduction. Bringing these conflicting operational realities into alignment is difficult without a shared operating model, which helps establish clear ownership and decision rights.

Without this shared approach, it is important to establish standardized mechanics. Leading organizations are standardizing severity language, defining escalation paths, and rehearsing incident commands that span IT, OT, facilities, and physical security. Steering groups oversee these efforts, verifying that they are repeatable across sites and that execution remains consistent. When communication between teams improves, it creates a foundation for effective technology convergence between IT and OT systems.

Trend Four: Physical Infrastructure, Digital Risks

Another growing trend is the integration of physical and cyber systems, with cameras, access controls, and visitor tools operating within digital networks. As these tools become networked gateways, physical risks translate into downtime, safety threats, and data loss.

Successful enterprises prepare accordingly, following CISA guidance to help protect network edge devices. In practice, this translates to managing physical tools under the same guidelines as other assets. Inventory, hardening, segmentation, and log forwarding are often places that organizations prioritize to promote safe operations.

Trend Five: Building Resilience for Inevitable Disruption

Prevention isn’t always enough and can leave enterprises vulnerable when a hazard occurs. For this reason, most high-performing organizations establish breach response plans, which often share three common attributes:

1. Automation: Firms employ mass notification tools that automatically alert them during disruptive events.
2. Accurate contact information: Workers keep all data synchronized and up to date across systems.
3. Organization: Response teams pilot an overarching layer that connects InfoSec and physical defense protocols. They establish shared responses, decision rights, and escalation triggers that teams can fall back on when incidents arise.

Hazards are a part of the industry, but an established response plan can reduce safety risks, limit downtime, and minimize compliance exposure when incidents inevitably occur, helping industry leaders stay prepared for both current conditions and future challenges.

Building a Unified Security Posture for the Future

Collectively, these trends show where manufacturing security is headed. As physical infrastructure becomes more connected to IT and OT systems, security programs need to account for risks that span facilities, networks, and operations. Documented controls give manufacturers a clearer way to manage those risks, prove that safeguards are followed, and respond consistently when incidents affect multiple parts of the business.

Manufacturers that want to prioritize regulations will treat physical security as part of IT, align identity governance, establish a communication system that connects InfoSec and physical security, and standardize a minimum control set. When organizations operationalize these capabilities, they can bridge the physical-domain gap, turning on-the-ground activity into actionable context that supports continuity decisions.

About the Author:
Throughout his tenure with Trackforce, Jeff has been dedicated to establishing the company as North America’s foremost security management software provider. With a 360-degree vision for business growth, Jeff excels in recognizing emerging trends, pursuing sales in multiple verticals, and cultivating relationships with industry thought leaders. His expertise extends beyond his role at Trackforce, as he is a frequent speaker at various security associations and roundtables, including those hosted by NASCO, the National Security Alliance, and IASIR. Jeff is recognized as a leading content curator committed to sharing knowledge and driving conversations around security technology and management, making him a respected voice in this evolving landscape.

Subscribe to Industry Today