Manufacturing tops costly cyberattacks

- Manufacturing moved to the front of the cyber-loss problem this week, with Insurance Journal highlighting fresh claims data showing factories now drive the biggest incidents.
- The costly part is downtime, not just stolen data — once production stops, missed output, recovery work, and supplier disruption can outrun ransom demands.
- That matters because manufacturers already rank among the most-targeted sectors, so cyber risk is becoming an operations problem, not just an IT one.

Manufacturing cyber risk has changed shape. It is no longer just a data-theft story or a ransomware headline that lives in the IT department. In factories, the expensive part is often the plant stopping — lines go down, shipments slip, suppliers get jammed, and every lost hour starts compounding. That is why this week’s insurance-focused reporting matters: the industry is treating manufacturing as the sector where cyber incidents most quickly turn into real operating losses. (insurancejournal.com)

### Why are factories such attractive targets?

Manufacturers combine three things attackers love. They have valuable intellectual property, sprawling supplier networks, and lots of old and new systems stitched together. A corporate network, an ERP system, remote vendor access, and plant-floor operational technology can all end up connected enough that one weak point becomes everyone’s problem. IBM’s latest threat reporti(insurancejournal.com)hich tells you this is not a one-off spike. (ibm.com)

### Why does downtime hurt so much more here?

A law firm or retailer can often keep parts of the business moving during a cyber event. A plant is different. If scheduling systems fail, if a programmable controller gets isolated, or if teams shut equipment down out of caution, production can stall immediately. Then the losses spread outward — idle labor, delayed customer orders, spoiled (ibm.com)ty in manufacturing can look brutal even when the original intrusion was “just” a network compromise. (insurancejournal.com)

### So is this mainly a ransomware story?

Ransomware is still a big part of it, but the deeper issue is fragility. Attackers do not always need to directly manipulate industrial controls to cause damage. Hitting identity systems, remote access tools, or public-facing applications can be enough to force a shutdown while teams investigate. IBM says exploitation of public-facing applications jumped sharply in 2026 threat da(insurancejournal.com) connections to keep operations moving across sites and partners. (newsroom.ibm.com)

### What changed in the insurance view?

The insurance angle is basically this: carriers and brokers are no longer looking at cyber as a standalone privacy loss. They are looking at business interruption. Insurance Journal’s write-up points to claims data showing manufacturers face especially high financial exposure from cyber inciden(newsroom.ibm.com)solate systems, and recover?” (insurancejournal.com)

### Why is operational technology the hard part?

Plant systems are built for uptime first. Many machines stay in service for years, sometimes decades, and cannot be patched on the same schedule as office software. You also cannot always reboot or replace a controller in the middle of production. The catch is that this makes sensible IT advice — patch fast, rotate everything, take systems offline — harder to execute on th(insurancejournal.com)onger cybersecurity mandates, which helps explain the gap. (marsh.com)

### What should manufacturers do differently now?

They need to treat cyber resilience like maintenance planning. Segment networks. Lock down remote access. Practice plant-specific incident response. Know which systems can fail over and which ones stop the line cold. Backups matter, but so do manual workarounds, spare components, and clear rules for when to disconnect equipment. Basically, the w(marsh.com 1)(marsh.com 2)

### Bottom line

The story here is simple. Cyber is now part of manufacturing continuity planning, right next to equipment failure and power loss. Once attacks are measured in halted production instead of stolen files, factories stop looking like just another victim sector and start looking like the cost center cyber insurers worry about most. (insurancejournal.com)