Smoke curling from a halted conveyor belt in a Midlands factory, lights flickering as the cyber gremlins feast on outdated OT systems.
That’s not some dystopian flick. It’s the reality for eight in 10 UK manufacturers hit by cyber incidents last year, per ESET’s fresh poll of 500 execs. We’re talking 78% who couldn’t dodge a serious breach – way beyond JLR’s headline-grabbing meltdown.
And here’s the kicker: 95% said it actually dinged their business. Financial hits on 53%. Supply chains snarled for 44%, missed deadlines for 39%. Brutal.
The Downtime Black Hole
Full or partial shutdowns? Check. 77% of those endured 1-7 days of dead air. Half saw 1-3 days of pure outage hell — machines silent, workers idle, revenue evaporating like morning dew.
A fifth of these outfits? They’ve got zilch visibility into the cyber risks chewing their production lines. Blindfolded in a knife fight. No wonder AI-fueled attacks topped the fear list at 46%, edging out phishing (42%) and ransomware (40%).
But wait — AI-enabled? Sounds buzzy. Probably just hackers using off-the-shelf gen-AI for smarter phishing or evasion. Not Skynet storming the factory floor. Yet.
ESET’s data echoes IBM’s X-Force: manufacturing snagged 28% of incidents last year, fifth year running as the bullseye sector.
Boards: Parked in Neutral
JLR’s wake-up call? Apparently snoozed through. Only 22% pin cyber accountability on the board or C-suite. Nope — 55% dump it on IT, that classic maturity red flag.
Reactive security rules for 21%. Knee-jerk patches, point solutions, endless firefighting. Strategic? What’s that?
“The real challenge is that many organizations still treat cybersecurity as an IT issue rather than a strategic business decision. When it sits outside the boardroom, it’s harder to prioritize appropriately,” says ESET UK boss Matt Knell. “What’s striking is that many organizations still see reactive approaches as more economical, despite the evidence to the contrary. With many major incidents resulting in six-figure losses and widespread operational disruption, the cost of reacting after the fact can be significant.”
Spot on, Matt. But who’s making bank here? Vendors like ESET, peddling polls that scream ‘buy our stuff.’ Cynical? After 20 years in this Valley-of-hype game, yeah.
Why Are UK Factories Such Easy Marks?
OT systems — those creaky industrial controls — married to IT networks without proper air-gapping. Legacy gear from the ’90s, unpatched because ‘it’ll break production.’ Recipe for disaster.
Flashback to 2017’s NotPetya worm: Maersk lost $300 million in a week, shipping containers piling up like modern pyramids. UK manufacturing dodged the worst then, but today’s stats say the dodge is over. My bold call? Without board-level war rooms, we’ll see JLR 2.0 by Christmas — maybe a Big Four supplier crippled, starving Tesco shelves.
Financial losses already in six figures per ESET. Boards fiddling while factories burn? That’s not just immature; it’s suicidal in a world where state actors eye critical infra.
Phishing’s old hat, but AI amps it — deepfake calls to ops managers, auto-generated exploits. 46% naming it top threat isn’t paranoia; it’s pattern recognition.
Yet visibility lags. 20% in the dark on production risks. Fix that first — convergent IT/OT monitoring, not siloed tools.
Who’s Cashing In While Factories Bleed?
Security firms, obviously. ESET’s poll spotlights the pain, funnels leads. Fair play — better alarmed than ambushed. But execs chasing ‘economical reactive’ fixes? You’re funding the hackers’ next yacht.
Shift to prevention: board mandates, converged risk teams, zero-trust for OT. Pricey upfront? Sure. Cheaper than a week’s downtime.
IBM pegs manufacturing as perpetual target #1. Why? High-value disruption — halt a car plant, and it’s national news. Boards must own this, or watch margins melt.
Will Boards Finally Wake Up?
Doubt it short-term. Too busy with ESG fluff and EV pivots. But pile on a few more JLR-scale stories, and inertia cracks.
My unique angle: this mirrors the ’90s dot-com bubble’s cyber infancy, where firms laughed off ‘virus’ scares till Code Red tanked e-commerce. Back then, IT budgets were rounding errors. Now? Cyber’s the new ops core. Ignore at peril.
Manufacturers: audit your OT now. Boards: get in the room, or get out of the way.
🧬 Related Insights
- Read more: CVE-2026-20929: Hackers Hijack Your Certs with DNS CNAME Tricks
- Read more: F5 BIG-IP’s CVE-2025-53521: DoS Flaw Morphs into RCE Weapon, Already Hitting the Wild
Frequently Asked Questions
What percentage of UK manufacturers were hit by cyber incidents last year?
78%, according to ESET’s survey of 500 senior decision-makers.
Why is manufacturing the top cyber target?
It offers huge disruption value — think halted production lines and supply chain chaos — topping IBM’s incident charts for five years straight.
How long do cyber attacks downtime UK factories?
77% faced 1-7 days; 56% saw 1-3 days of outages.
