How Chicago Manufacturers Can Stop a Cyberattack Before It Stops Production
Late last year, a cyberattack on Jaguar Land Rover cost the company roughly £1.9 billion ($2.5 billion), making it the most economically damaging cyber event in UK history. Production was halted for five weeks, and more than 5,000 businesses across Jaguar’s global supply chain were affected. The company claimed a full recovery wouldn’t likely occur until early 2026. In the weeks following the attack, UK car production fell by 27%, and the number of cars produced was the lowest of any September since 1952.
For manufacturers, this was more than a cyber incident — it was a wake-up call to step up their security to avoid a costly shutdown.
Chicago is home to a number of major players in the manufacturing industry, including Boeing, Caterpillar, Abbott Laboratories, and Illinois Tool Works — all of which could fall prey to attacks like the one that hit Jaguar. So, if security hasn’t been a priority for Chicago-area manufacturers, now is the time to secure environments before they become the next target.
The Growing Threat to Manufacturing
According to IBM’s X-Force Threat Intelligence Index 2026, manufacturing was named the most targeted industry for cyberattacks for the fifth year in a row, representing 27.7% of all incidents. And these attacks are on the rise. The average manufacturer faces 1,585 attempted attacks per week, with overall attacks increasing 30% year over year. Some segments of the industry are seeing even greater momentum, with the automotive manufacturing industry experiencing a 722% increase in cyberattacks from 2024 to 2025.
Breaches in the manufacturing industry are also more costly, averaging $5.56 million. Costs range from ransomware payouts to remediation and recovery costs to lost business due to downtime. Automotive manufacturers, for instance, lose $22,000 per minute when the production line stops, and unplanned downtime costs industrial manufacturers $50 billion a year.
These numbers are only expected to grow as AI increases the pace at which bad actors can launch attacks. Unfortunately for Chicago manufacturers, they’re likely to remain an enticing target, and here’s why.
- Downtime is costly: Manufacturers cannot afford to have their facilities offline; downtime is too expensive. This makes them much more likely to pay high ransoms fast.
- Valuable intellectual property: Manufacturers hold significant amounts of intellectual property, including engineering designs, proprietary processes, and other trade secrets that bad actors can use for double extortion or sell on the black market for a large payout.
- Complex supply chains: Manufacturing supply chains are long and complex, which creates multiple points of entry — each with varying levels of security. Bad actors can find the weakest link in a supply chain, exploit it, and work their way up to the most valuable player before pouncing.
- Outdated OT and IT systems: Many manufacturers are still working off legacy OT and IT systems that lack modern security controls. Replacing these systems is too expensive and time-consuming, so they remain in place and leave manufacturers vulnerable to attack.
- Lack of resources: Depending on the size of the company, cybersecurity may not be a top priority for manufacturers. With limited budgets and security personnel, defenses aren’t as strong as in the financial and tech industries, opening manufacturers even further to attack.
Where Attackers Get In
Many manufacturers focus their efforts on securing operational technology, including industrial control systems, SCADA devices, and production equipment. While those systems must be protected, the biggest risk actually lies elsewhere.
A report from Telstra and Omdia found that 75% of attacks on manufacturing firms originated in IT — not OT — systems. Attackers don’t need to hack industrial control systems. They can breach regular business systems like corporate networks, email, and business applications, and then cripple operations from there.
The Jaguar attack began when bad actors used social engineering techniques, phishing and vishing attacks, and stole credentials to log into Jaguar’s IT systems via a third-party vendor. Boeing experienced a similar attack that impacted its parts and distribution business when a ransomware gang attacked its IT systems and disrupted its entire supply chain. Meanwhile, Check Point Research has been monitoring a sophisticated social engineering campaign targeting manufacturing companies through ‘Contact Us’ forms.
To protect the IT systems that ultimately control or connect to OT systems, here’s where manufacturers need to focus when assessing their security posture.
Endpoint compromise
Manufacturing facilities have a significant number of endpoints a hacker can exploit to get in. And, while IoT devices and OT tend to be top of mind, it’s just as easy — if not easier — for a bad actor to get in via a laptop or mobile phone connected to an organization’s network. Not only can these devices be easily swiped, but they are often connected to networks remotely via unsecured Wi-Fi networks. Meanwhile, if systems are misconfigured or software isn’t regularly patched, endpoints serve as open doors for bad actors to walk through.
Social engineering attacks and phishing emails
Unfortunately, securing endpoints isn’t enough to stop a bad actor from entering an environment. Too often, bad actors rely on human vulnerability to gain authorized access to office systems. According to CISA, more than 90% of successful cyberattacks start with a phishing email. Thanks to AI, these attacks are becoming more frequent and more convincing. With smishing, vishing, and sophisticated business email compromise campaigns at play, back-office teams are having trouble staying on top of the latest scams and stopping employees from handing over credentials to the vital systems that keep production lines moving.
Identity and credential theft
If bad actors are getting in via social engineering and endpoint attacks, they are securing their foothold with credential theft. In the first half of 2025, identity-based attacks rose 32%, and 72% of breaches involved the exploitation of privileged credentials. Bad actors use social engineering attacks (including phishing, vishing, or deepfake videos) or brute-force attacks to gain employee credentials to IT systems. They can then move laterally and hack into OT systems or lock up IT systems and hold them for ransom.
In short, attackers don’t need to hack a programmable logic controller when they can easily send a convincing phishing email that gets an office worker to click on a malicious link that deploys ransomware. From there, bad actors can steal engineering drawings with proprietary information. They can even shut down inventory, logistics, or financial systems.
Building Modern Manufacturing Defense
Chicago-area manufacturers need comprehensive IT security that protects endpoints and networks, monitors for suspicious activity, and establishes appropriate access controls to keep bad actors from entering IT systems and pivoting to production systems and equipment. These security programs should start with the basics, including:
1. Identity Protection
Companies must establish access and identity requirements. This should include a combination of security tools, policies, and training to ensure employees understand how to protect against unauthorized access to company systems. Identity management includes:
- Multi-factor authentication (MFA) everywhere
- Privileged access management
- Continuous behavior and account takeover (ATO) monitoring
- Strong password requirements
2. Email and endpoint security
Most people use personal and work email daily, regardless of role and industry. Because phishing emails are responsible for 90% of successful cyberattacks, protecting email and all endpoints is a must for manufacturers. In addition to security training and establishing protocols that ban or limit USB and removable media, companies should invest in security software that includes:
- Advanced email filtering and anti-phishing
- Endpoint detection and response (EDR)
- Ransomware prevention
3. Supply chain monitoring
SecurityScorecard’s 2025 report found that more than 70% of organizations admitted to experiencing at least one material third-party cybersecurity incident in the past year. Given the extensive complexity of manufacturing supply chains, companies must:
- Create strict security guidelines for vendors
- Gain visibility into vendor access points
- Invest in anomaly detection for third-party connections
- Segment networks
- Conduct regular security assessments of critical suppliers
4. 24/7 monitoring and response
According to IBM’s 2025 Cost of a Data Breach Report, it took organizations an average of 241 days to identify and contain a breach, and the cost of a breach rose significantly the longer it took a company to respond and recover. While the hope is that bad actors can’t find their way into a system, threat detection and response plans are an essential part of every security program and should include:
- Continuous monitoring of endpoints, email, and network activity
- Real-time threat detection
- Immediate response to contain threats
- Incident response plan
While these four areas cover the basics, they are by no means an exhaustive list. Cyber resiliency requires a thorough strategy, a deep security tech stack, employee training, policies that are woven into every part of the business, 24/7 monitoring and response services, and a commitment to security from everyone in the organization. It isn’t a checklist to work through and then forget — it requires constant attention and should evolve with the organization and the threat landscape. Otherwise, manufacturers leave themselves vulnerable to an attack.
Challenges to standing up a security program
Few manufacturers have the in-house resources to develop a truly resilient cybersecurity program. IT teams are set up to manage ERP systems, business applications, and network infrastructures, and to run a help desk for employees. They are not equipped to provide 24/7 advanced threat monitoring and detection, continuous authentication and authorization processes, and supply chain security protocols. Security simply requires a specialized skill set that differs from that of an IT team.
Attackers also know to strike when teams are out of office, so most cyberattacks happen at 2 a.m. — not 2 p.m. Modern manufacturers need a 24/7 security operations center (SOC), which can cost $1.5 million per year after an initial investment of $1 million to $2 million. These are funds many manufacturers aren’t willing to invest.
Even those who do have funds allocated for security may have trouble finding talent. The skills needed to navigate an increasingly advanced and vast threat landscape are growing, and the demands on security teams are increasing, making talent harder to find. According to a 2024 ISC2 report, the global security talent shortage continues to be a problem, with a workforce gap of 4.8 million.
Lacking both skilled security professionals and the massive budgets required, many manufacturers are outsourcing their security efforts to MDR providers.
The MDR Approach
Managed Detection and Response (MDR) offers fully managed cybersecurity services, including 24/7 detection, response, and remediation at a significantly lower cost than building an in-house team. The security professionals working at MDRs have intimate knowledge of the latest cyber threats because they are defending against them every day.
These security centers are operating with the latest, most advanced software and technology to ensure any anomaly in a client’s environment is flagged and thoroughly investigated. Monitoring and detection systems run 24/7, so manufacturers are protected during and outside of business hours. Unlike traditional MSSPs that simply alert clients when a breach is detected, MDRs handle response and recovery efforts, swiftly eliminating hackers to limit the damage should a breach occur.
Wondering if an MDR is right for you? Complete our self-assessment below. If you answer “no” to any question, your organization has critical security gaps, and an MDR might be the right fit.
- Do you have 24/7 security monitoring?
- Can you detect and respond to threats in minutes?
- Are all employees using MFA?
- Do you monitor vendor remote access?
- Can you contain a ransomware attack before it spreads?
Taking action to stop a breach before it stops production
With 75% of manufacturing breaches originating in IT systems, securing your corporate network and endpoints is a necessity. It could prevent a costly breach — $5.56 million on average — and keep your production line running. When looking for an MDR partner to run your security efforts, ensure they offer:
- 24/7/365 monitoring services
- Supply chain monitoring
- End-to-end incident response and recovery services
- Identity and access controls
SolCyber specializes in protecting manufacturers through comprehensive MDR++ coverage. We protect all endpoints, including laptops, workstations, and servers, and offer:
- Email and phishing protection
- Identity and access monitoring
- Network threat detection
- 24/7/365 expert response team
- Best-in-class security technology
Our team resolves more than 95% of incidents without ever involving your team, at a third of the cost of building an in-house SOC. We also partner with leading insurers to ensure you get a discount on cyber insurance because they know, with us, you’re protected.
If you’re ready to take action and secure your manufacturing environment from a cyberattack, contact the experts at SolCyber to schedule your security assessment, review your cyber insurance requirements, and stand up a security program in 30 days.