Cyber security for manufacturing — what UK manufacturers need now
Cyber security for manufacturing? If you type that into a search box, you probably want a short list of fixes that stop production lines from halting and invoices from being kicked into dispute. Too often in UK factories the IT team treats the shop floor as ‘someone else’s problem’, and equipment that talks over old protocols ends up talking to the internet.
Protect production uptime
The single business risk that matters most in manufacturing is downtime. An hour of stopped production costs far more than a new firewall. Start by mapping which systems, machines and HMIs absolutely must keep running during a cyber incident. That map lets you prioritise controls where they pay off most.
Practical controls here are simple: ensure important machines are on segmented networks so a malware infection in the office can’t jump straight to the line; enforce strong password practice on shared consoles; and keep backups of machine controllers and configuration files so you can restore a cell without days of reprogramming. Focus the budget on measures that shorten outages, not on feature-heavy tools that busy your IT team.
Separate IT from OT, and manage third parties
Manufacturing mixes IT and OT. That makes your supply chain and contractors a critical attack surface. A remote-support tool used by a vendor with lax controls can act like an unlocked side door into your plant.
Segment networks so vendor connections land in a tightly controlled DMZ with time-limited accounts. Use multi-factor authentication for remote access, and log every session so you can audit what changed. Make sure change-control for any OT update is written down and reversible. For contract clauses, ask for evidence of the supplier’s cyber measures — a brief checklist or certification is enough for most smaller suppliers.
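The checks above can be run routinely against an export of vendor remote-access accounts. The sketch below is an added example, not part of the original article; the field names, the zone name "vendor-dmz" and the seven-day lifetime limit are assumptions chosen for illustration, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy values; the article gives no numbers, so tune these per site.
MAX_ACCOUNT_LIFETIME = timedelta(days=7)
ALLOWED_LANDING_ZONE = "vendor-dmz"  # hypothetical zone name

def audit_vendor_access(accounts, now):
    """Return {account_name: [findings]} for accounts that break the policy."""
    report = {}
    for acct in accounts:
        findings = []
        expires = acct.get("expires")
        if expires is None:
            findings.append("no expiry set (account is not time-limited)")
        elif expires <= now:
            # An expired account is only a problem if it can still log in.
            if acct.get("enabled", True):
                findings.append("expired but still enabled")
        elif expires - now > MAX_ACCOUNT_LIFETIME:
            findings.append("expiry further out than the allowed window")
        if not acct.get("mfa", False):
            findings.append("MFA not enforced")
        if acct.get("landing_zone") != ALLOWED_LANDING_ZONE:
            findings.append(f"lands in '{acct.get('landing_zone')}', not the DMZ")
        if not acct.get("session_logging", False):
            findings.append("sessions are not logged")
        if findings:
            report[acct["name"]] = findings
    return report

# Constructed sample inventory (not real accounts).
NOW = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    {"name": "plc-vendor-a", "expires": NOW + timedelta(days=2), "enabled": True,
     "mfa": True, "landing_zone": "vendor-dmz", "session_logging": True},
    {"name": "robot-vendor-b", "expires": None, "enabled": True,
     "mfa": False, "landing_zone": "ot-cell-3", "session_logging": True},
    {"name": "hvac-vendor-c", "expires": NOW - timedelta(days=30), "enabled": True,
     "mfa": True, "landing_zone": "vendor-dmz", "session_logging": False},
]

if __name__ == "__main__":
    for name, findings in audit_vendor_access(SAMPLE_ACCOUNTS, NOW).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Feeding it a real export from the remote-access gateway or directory turns the paragraph's four requirements into a list a named owner can clear each week.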
For common, baseline advice on controls that apply across sectors, see NCSC’s guidance on cyber controls.
Make people your defensive edge
Most breaches still start with a human action: a clicked link, an expired credential, or a misplaced USB stick. Training that lectures staff won’t stick. Instead, run short, role-specific sessions: operators need to spot abnormal behaviour on an HMI; maintenance techs should know not to plug unknown drives into controllers; procurement must demand cyber terms from suppliers.
Pair training with measurable steps: enforce unique logins for shared consoles, require simple incident reporting that doesn’t blame staff, and schedule routine checks where floor supervisors confirm that patching windows and backup tests have run. These are low-cost but very effective ways to cut repeat incidents.
To embed these changes without overloading your team, follow a basic checklist of technical and governance items and put ownership on a named person in operations — not an abstract IT function. For a quick internal check you can link this work to your wider risk register and make the business case for spending where it reduces stoppage risk.
One practical internal resource to evaluate your current posture is a focused cyber review: use an easy, outcomes-first approach to see which measures buy you hours back in production time and which simply add admin.
When to ask for help
If you cannot answer which machines must stay running during a security incident, or if suppliers connect into your network without time-limited access, bring in external help. Ask for a short engagement that maps critical systems, demonstrates one segmented connection, and hands back a short action plan. The right help should reduce downtime risk, free up internal time, and restore confidence with customers and insurers.
Start with one practical milestone: a tested backup and a segmented remote-access path for vendors. Hitting those two targets buys calmer management meetings, fewer emergency call-outs, and a clearer path to lower insurance premiums.







