Cyber risks tighten grip on UK factories

Almost eight in 10 UK manufacturers suffered at least one serious cyber incident over the past 12 months, according to new ESET-commissioned research, adding fresh evidence that digital disruption is now a mainstream operational risk for one of Britain’s most exposed industrial sectors. The findings indicate that 78% of manufacturers were hit, while 53% said attacks led to lost revenue, underscoring how cyber breaches are moving from the server room to the production line.

That threat became tangible across British industry last year when Jaguar Land Rover’s cyberattack forced a prolonged shutdown at its UK plants. Reuters reported in September 2025 that the carmaker extended a factory stoppage to four weeks after the breach, and by November said operations had returned to normal only after a six-week halt that disrupted supply chains and cost the group hundreds of millions of pounds. In January 2026, Reuters also reported that the fallout helped drive a 43.3% drop in JLR’s third-quarter wholesale volumes.

ESET’s survey suggests JLR was not an isolated case but a high-profile example of a wider problem facing factories that increasingly depend on connected machinery, cloud software, remote maintenance tools and complex supplier networks. Industry reporting on the study said more than half of the worst incidents cost affected firms over £250,000, a figure that helps explain why cyber resilience is becoming a board-level manufacturing issue rather than a narrow IT concern.

Manufacturing has long been considered a prime target because disruption carries a multiplier effect. A locked laptop can be inconvenient in an office setting, but a compromised industrial network can halt output, delay shipments, damage supplier confidence and expose valuable intellectual property. Make UK has previously warned that production stoppages were the most common consequence of cyberattacks in manufacturing, affecting 65% of victims, with reputational damage also a major concern.

Official UK data shows the broader cyber environment remains challenging even beyond manufacturing. The government’s Cyber Security Breaches Survey 2025 found ransomware incidents among businesses rose from less than 0.5% in 2024 to 1% in 2025, equivalent to about 19,000 businesses. It also found phishing remained the dominant form of cyber crime, while businesses that suffered cyber crime reported an average of 30 incidents over the year, pointing to repeated targeting rather than one-off attacks.

Those economy-wide figures may appear lower than the manufacturing-specific numbers from ESET, but they are not directly contradictory. The government survey covers all businesses, while manufacturers tend to have a larger operational attack surface, mixing conventional IT systems with operational technology running machinery, warehousing and logistics. That combination can leave companies more vulnerable to both opportunistic ransomware groups and more specialised intrusions aimed at high-value industrial processes. This is an inference drawn from the sector-specific ESET findings, official UK survey data and long-standing NCSC and industry guidance on the distinct risks of malware and ransomware to operational environments.

Another pressure point is supply-chain exposure. Large manufacturers often rely on hundreds of external technology, logistics and component partners, meaning a weak link outside the plant can still trigger stoppages inside it. The JLR episode illustrated how cyber and supply-chain stresses can overlap, while Reuters’ report last week on a separate supplier-related parts disruption at the Solihull plant showed how quickly production schedules can be thrown off even without a cyber trigger. That overlap is sharpening concern among executives who must now treat cyber preparedness as part of wider business continuity planning.

Security specialists say the answer is rarely a single product or patch. The National Cyber Security Centre’s guidance continues to stress practical defences such as robust backups, access controls, prompt patching, network segmentation, incident response planning and staff awareness, especially against malware and ransomware. For manufacturers, those basics are increasingly being paired with tighter scrutiny of third-party access, separation between office systems and plant-floor networks, and closer monitoring of industrial control environments.

The commercial consequences are also becoming harder to dismiss. Lost revenue is only the first visible effect. Delayed orders, contractual penalties, forensic costs, higher insurance premiums and strained supplier relationships can continue long after systems come back online. Make UK has said customers increasingly seek reassurance on cyber controls before signing contracts, suggesting cyber readiness is turning into a competitive factor as much as a compliance issue.