Cyber threats are no longer just an IT issue – they’re a boardroom concern, especially for manufacturers. In recent months, several high-profile cyber-attacks have brought major UK businesses to a standstill – disrupting supply chains, halting production and putting customer data at risk. These incidents are a powerful reminder that cyber threats are growing in both scale and sophistication.
To explore what this means for the manufacturing sector, Sam Cheshire, Cyber & Tech Practice Group Managing Director at Gallagher and Jake Taylor, Senior Consultant – Global Cyber Risk Management at Gallagher share their insights on key lessons manufacturers can take from recent attacks – and how to strengthen resilience before it’s too late.
One of the starkest lessons from these attacks is that threat actors are not just after data – they’re increasingly focused on disrupting operations. Ransomware attacks that lock production lines, hijack systems, or corrupt supply chain networks have become more common. For manufacturers, this means that downtime is no longer just costly – it’s potentially existential.
A common theme in recent breaches is that human error remains the weakest link. Social engineering and phishing attacks – now supercharged by AI – are becoming more convincing and harder to detect. Even the most secure systems can be undermined by one misplaced click or an unverified email.
“Cyber-attacks on manufacturers are no longer just about data theft — they’re halting production lines and disrupting entire operations.”
Sam Cheshire, Cyber & Tech Practice Group Managing Director, Gallagher
Another lesson is the importance of supply chain due diligence. Many attacks have exploited third-party weaknesses to gain access to much larger networks. Manufacturers, often reliant on complex webs of suppliers and distributors, must ensure that their partners uphold the same cyber hygiene standards as they do.
So, what can manufacturers do to strengthen their cyber resilience?
- Embed cyber security into operational strategy, not just IT. Cyber risk must be viewed through the lens of business continuity, not just compliance.
- Train staff to recognise threats. From the shop floor to the senior leadership team, everyone has a role to play in cyber defence.
- Invest in layered protection. Multi-factor authentication, endpoint detection and response, and regular vulnerability assessments are no longer ‘nice to haves’ – they’re essential.
- Review and rehearse your incident response plans. Knowing how to react in the first few hours of an attack can make all the difference in limiting damage and protecting reputation.
Cyber criminals are evolving their tactics rapidly. For manufacturers – particularly those undergoing digital transformation or adopting IoT and smart factory technologies – the attack surface is growing.
“With phishing and social engineering on the rise, human error remains one of the biggest vulnerabilities. Regular training is no longer optional — it’s essential.”
Jake Taylor, Senior Consultant – Global Cyber Risk Management, Gallagher
But knowledge is power. That’s why, this Cybersecurity Awareness Month, you can join our webinar on Thursday 9th October 2025 at 10 am where our panel of specialists will discuss the current threat landscape, common vulnerabilities, and practical steps you can take to build stronger cyber defences. They will also delve into post-attack scenarios, using a real-world incident as a case study, and explore the unfolding events from the perspectives of cyber risk management, cyber insurance, legal, and brand reputation.
