Cyber risk is rising faster than Australian manufacturers can respond

Manufacturing is vital to Australia’s economy, but the growing risk of cyber attacks poses a significant threat to the sector’s operations. Globally, manufacturing faced the highest number of attacks during the last three years, accounting for 25.7% of all incidents. As Australian companies continue to embrace the digital transformation megatrend of smart manufacturing and AI to remain competitive, their attack surface has continuously expanded at a rapid rate.

We are now at a point where many Australian manufacturers simply can’t keep up. New data obtained by the ABC under freedom of information laws revealed some manufacturing and mining organisations are taking up to two years to notice and report breaches to authorities, prompting concerns about how secure our critical infrastructure really is.

Why is manufacturing more at risk than other sectors?

Industrial control systems (ICS) and other equipment that was once isolated from the internet are increasingly being connected as manufacturers adopt new smart manufacturing capabilities. These devices are now exposed to the same threats as their IT counterparts, introducing new risks to manufacturing environments that hackers are seeking to exploit.

Cyber attacks on manufacturers do more than disrupt daily operations. They can affect production quality, create costly operational downtime, and even jeopardise public safety. Therefore, it’s imperative that cybersecurity moves from being an afterthought to an operational necessity.

The most common attack vectors

As seen with the Jaguar Land Rover cyber attack, threats to manufacturers are on the rise and can literally bring businesses to a halt. Ransomware is leading the way, going from a nuisance affecting SMBs to a systemic issue threatening critical infrastructure. From 2024–25, the manufacturing sector experienced a 61% surge in ransomware attacks — the most of any critical industry. Unfortunately, hackers know manufacturers face intense pressure to maintain production, making them more likely to pay ransoms.

One of the most common attack vectors is remote access connections. These insecure third-party connections, VPNs and remote access tools used by contractors and vendors are easily exploitable. Furthermore, legacy IIoT devices (which often remain unpatched for many months due to the high cost of replacing them) are another easy target. Improperly segmented networks also lead to a litany of issues following a breach, causing a ripple effect across the entire network.

A multi-layered approach to cybersecurity is critical

Manufacturing environments are inherently complex, so protecting them requires a multi-layered approach that addresses organisational and technological challenges.

Step one is maintaining a comprehensive asset inventory of all devices and communication pathways — a must-have for industrial cybersecurity. Additionally, implementing an exposure management program that accounts for asset complexities and unique governance is mission-critical.

Step two is network segmentation. Dividing the enterprise network into isolated zones dramatically reduces the blast radius of an attack, but this division must be done in line with manufacturing protocols like Modbus and EtherNet/IP.

Step three is secure remote access. While remote maintenance on OT asset-heavy environments saves considerable time and money, to reduce the risk of a breach, organisations must choose a secure access solution with granular access controls, multifactor authentication and time-limited access windows.

The heightened level of cyber risk facing Australian manufacturers is unlikely to die down anytime soon, so it’s time for the industry to collectively rethink its approach to cybersecurity.

*Leon Poggioli is Vice President ANZ at cybersecurity company Claroty. Leon’s mission is to help Australia’s critical infrastructure and industrial organisations on their journeys to discover, assess and protect their entire cyber-physical infrastructure.

Top image credit: iStock.com/narvo vexar