Cyberattacks are no longer stopping at corporate networks. Increasingly, they are halting production lines, disrupting freight movement, and exposing how tightly modern supply chains depend on interconnected digital systems.

Across manufacturing and logistics environments, ransomware attacks, credential theft, and supplier vulnerabilities are increasingly translating into operational downtime with direct financial consequences. Recent insights from executives at Arkestro and Resilience suggest the industry is beginning to treat cyber risk less as a standalone IT issue and more as a core supply chain continuity challenge.

“The cyber-to-disruption translation is happening most visibly in manufacturing and industrial logistics,” said Ben Leiken, CTO at Arkestro. “The structural shift is that the disruption rarely originates inside the largest enterprises. In our experience, these attacks most frequently affect mid-market manufacturers running legacy systems that are more vulnerable to exploits.”

That exposure is becoming more significant as manufacturing and logistics environments grow increasingly interconnected. According to Jud Dressler, Head of the Risk Operations Center at Resilience, the convergence of IT and operational technology systems is creating a new category of vulnerability where cyber incidents directly affect physical operations.

“When ransomware hits IT systems, it now reaches production lines, leading to downtime for the manufacturer,” Dressler explained. “Just-in-time supply chains are acutely vulnerable to cyber incidents because their reliance on integrated digital systems and minimal inventory creates a near-zero tolerance for production downtime.”

Supplier Risk Becomes Operational Risk

Both executives pointed to supplier ecosystems as a growing weak point. Rather than targeting large enterprises directly, attackers are increasingly exploiting smaller suppliers and external vendors whose security controls may be less mature but whose operational role remains critical.

“The procurement implication gets underweighted in security conversations,” said Leiken. “Supplier security posture is now a sourcing decision, not just an IT one. If a critical supplier goes dark, the question isn’t ‘are we secure?’ – it’s: ‘do we have a re-sourcing plan we can execute in 72 hours?’”

That shift is changing how organisations think about operational resilience. Supplier cybersecurity is increasingly being evaluated not only as a compliance issue, but as a factor that can directly affect sourcing continuity, inventory flow, and production stability.

The Cost of Downtime

The operational and financial impact of these incidents is escalating rapidly. Leiken cited IBM data showing manufacturing downtime averaging approximately $260,000 per hour, while Dressler noted that ransomware accounted for more than 90% of total incurred losses across Resilience’s manufacturing portfolio over the last five years, despite representing a much smaller share of overall claims volume.

One example referenced by both companies was the 2025 Jaguar Land Rover ransomware incident, where compromised third-party credentials reportedly contributed to widespread disruption across production facilities and supplier networks.

“The attack led to a complete production halt across JLR’s global plants, with cascading effects across thousands of suppliers,” Dressler said. “A single cyber event can quickly escalate into missed deliveries, idle production lines, and cascading supply shortages that don’t just hurt the business but the entire supply chain ecosystem.”

The broader concern is that many of these disruptions are no longer isolated technical incidents. As production environments become more digitally connected, operational disruption can spread quickly across manufacturing, warehousing, sourcing, and transport functions.

Resilience Becomes a Supply Chain Function

The evolving threat landscape is also forcing organisations to rethink which operational controls matter most. Both companies argued that many of the most effective safeguards are foundational operational disciplines rather than advanced technologies.

According to Leiken, phishing-resistant multi-factor authentication and immutable backup systems remain among the highest-leverage protections against ransomware-related disruption. Dressler similarly pointed to stronger vulnerability management, network segmentation between IT and OT environments, and tighter supplier security requirements as increasingly critical measures.

“Cyberattacks on manufacturers are inevitable,” Dressler said. “It’s not enough to simply hope an attack doesn’t happen. Manufacturers should instead focus on reducing their material risk to minimise financial damage and enable business continuity when a cyber incident does occur.”

Manufacturers are also increasingly extending cybersecurity expectations into supplier relationships through contractual requirements, continuous monitoring, and stricter operational controls. In practice, that means resilience planning is moving beyond the IT department and becoming embedded within procurement, sourcing, and operational decision-making.

Cybersecurity Moves Into the Core of Operations

The distinction between cybersecurity and operational resilience is narrowing rapidly across industrial supply chains. The issue is no longer simply protecting data or internal systems, but protecting the continuity of production, inventory movement, sourcing, and fulfilment across interconnected supplier networks.

Taken together, the developments point to a broader structural shift in how manufacturers assess operational risk. As ransomware, supplier vulnerabilities, and digitally connected production systems become more tightly linked, cybersecurity is increasingly being treated as a core business continuity function, one capable of directly shaping operational performance, supplier resilience, and long-term competitiveness.