20% Rise in Supply Chain Cyberattacks: Legacy Systems Continue to Leave Manufacturing Exposed
Manufacturing’s Expanding Cyber Risk
Cybercriminals are maintaining relentless pressure on the manufacturing sector, targeting outdated operational technology (OT) systems and global supply chains with increasingly sophisticated tools.
According to IDS-INDATA’s 2025 Cyber Threat Analysis, supply chain attacks have increased by 20% year-on-year, making them the fastest-growing cyber threat to manufacturers. The findings, published to coincide with Cybersecurity Awareness Month, highlight how legacy OT-IT systems and complex supplier networks are leaving manufacturing organisations increasingly exposed to evolving, AI-driven attacks.
These findings confirm what many in the industry are already experiencing, that the attack surface is expanding faster than most defences can evolve.
A Rapidly Shifting Threat Landscape
Every major category of cyber threat tracked by IDS-INDATA grew again in 2025. The most significant increases were seen in supply chain compromise (+20%), social engineering (+7.9%), and ransomware (+7.1%).
| Threat Type | 2024 | 2025 | Change (%) |
|---|---|---|---|
| Spear Phishing | 88% | 89% | +1.1% |
| Ransomware | 42% | 45% | +7.1% |
| Malware | 50% | 53% | +6.0% |
| Social Engineering | 38% | 41% | +7.9% |
| Supply Chain Attacks | 30% | 36% | +20.0% |
While spear phishing remains the most common entry point, supply chain attacks are where the most worrying growth is happening. As more manufacturers rely on connected suppliers, software vendors, and logistics partners, every external connection becomes a potential access route for attackers.
Breaking Down the Key Threats
Supply Chain Attacks (+20.0%)
Supply chain compromise remains the most rapidly expanding cyber threat in manufacturing. As industrial ecosystems become more interconnected, third-party weaknesses serve as key entry points. Attackers are now using AI-assisted reconnaissance tools to automatically map supplier networks and identify vulnerable links, allowing them to scale attacks and maximise impact.
Ransomware (+7.1%)
Ransomware continues to dominate industrial cyber incidents. Attackers exploit unpatched or unsupported OT systems, often using AI to adapt payloads in real time. For manufacturers, this means longer operational downtime, more complex recovery cycles, and higher costs for both remediation and lost production.
Malware (+6.0%)
Malware targeting OT-IT environments is becoming more adaptive. Once inside a network, it can learn its structure and spread laterally. The lack of segmentation between production and business systems – still common in manufacturing – leaves many organisations vulnerable to cross-contamination between critical environments.
Social Engineering (+7.9%)
AI-enhanced manipulation techniques are driving the growth of social engineering attacks. Deepfake voices and fabricated supplier emails are increasingly being used to authorise payments or trigger supply-chain changes. As attackers focus more on exploiting human trust, cybersecurity awareness has become just as important as technical defences.
Spear Phishing (+1.1%)
Targeted phishing continues to affect nearly nine in ten manufacturers. Attackers are improving their methods, using contextual language and spoofed domains that mimic legitimate supplier communications, making them harder to detect.
Expert Insight: Ryan Cooke, CISO at IDS-INDATA
“Supply-chain attacks let criminals do less work and reap more reward — one compromise, often many victims. Defending the chain is defending everyone,” said Ryan Cooke, Chief Information Security Officer at IDS-INDATA.
Cooke’s comment captures the challenge manufacturers now face: it’s no longer enough to secure internal systems. True resilience requires protecting the full chain, including the vendors, logistics partners, and service providers that keep production moving.
From Awareness to Action: Building Defences That Last
IDS-INDATA’s findings show that manufacturers need both immediate action and long-term planning to reduce exposure. The organisation’s approach to proactive defence focuses on practical, layered controls across both OT and IT environments:
-
Conducting vulnerability assessments on legacy assets to identify critical weaknesses.
-
Segmenting networks to prevent lateral movement between production and business systems.
-
Implementing AI-powered threat detection to identify unusual behaviour early.
-
Tightening supplier risk management, prioritising vendors with access to critical data.
-
Running regular employee training to reduce susceptibility to phishing and social engineering.
These measures help manufacturers build stronger barriers against compromise while laying the groundwork for sustainable cyber resilience.
Resilience Beyond the Factory Floor
For manufacturers, resilience is no longer a checklist, it’s a continuous process. IDS-INDATA helps organisations develop secure configuration audits, patch management programs, and supply-chain risk frameworks aligned with operational realities.
As Cooke explained:
“It’s important to ensure that your suppliers are implementing, at a minimum, the same level of cybersecurity as you are. It’s about building resilience by looking outside of your own organisation’s boundaries and including your suppliers, who are also responsible for protecting your data.”
Manufacturers that apply this mindset (treating every supplier as part of their security ecosystem) will be better positioned to contain and recover from future attacks.
Methodology and Credibility
The 2025 Cyber Threat Analysis draws on a synthesis of publicly available threat intelligence and manufacturing-sector cybersecurity data, including:
-
UK Cyber Security Breaches Survey 2025 (Department for Science, Innovation and Technology)
-
ENISA Threat Landscape 2025 (European Union Agency for Cybersecurity)
-
IBM X-Force Threat Intelligence Index 2025
-
NCC Group Threat Pulse 2025
-
Vendor threat intelligence reports from Sophos, CrowdStrike, and Check Point
-
Government and industry studies focused on OT-IT risk and supply-chain vulnerabilities
The data reflects year-on-year percentage changes in the proportion of UK manufacturing businesses affected by each threat type, standardised against 2024 baseline figures. Adjustments were applied using global and European datasets to ensure consistency.
This modelling provides a reliable indicator of trend strength, helping manufacturing leaders prioritise where to focus investment and mitigation.
The Takeaway for 2025
Manufacturers are entering an era where cybersecurity extends far beyond their own networks. As AI amplifies the speed and precision of attacks, protecting the supply chain has become a shared responsibility across every tier of production.
IDS-INDATA’s research makes one message clear: resilience depends on visibility, collaboration, and vigilance. By modernising legacy systems, improving supplier oversight, and embedding continuous cybersecurity practices, manufacturers can build the collective strength needed to withstand the next wave of threats.
To learn more about how IDS-INDATA helps manufacturers strengthen OT-IT resilience, contact us today.
