It’s been a tumultuous year for manufacturing cybersecurity.
From high-profile ransomware attacks on companies like Nucor and Masimo to lesser-known breaches that disrupted supply chains and halted production lines, the pressure on operational resilience is at an all-time high.
And on the surface, the industry appears to be taking that pressure seriously. In a recent global survey of enterprise cybersecurity leaders from Semperis, 95 percent of manufacturing and utilities organizations reported having a comprehensive cyber crisis response plan in place. More than three-quarters reported that those plans are integrated into broader enterprise crisis management protocols.
Great news, right? Not so fast.
On their surface, these stats are encouraging. However, a deeper dive reveals a more complex picture. Yes, manufacturing organizations claim to be prepared. However, 51 percent of respondents reported experiencing at least one high-impact cyber incident in the past year, while one in five experienced multiple such events.
And even though manufacturing was among the best-performing industries on this metric, more than 80 percent of organizations had to activate their enterprise crisis plans in response to a cyber event. These numbers tell a simple story: preparation on paper does not necessarily translate to cyber readiness in the real world. There is a real gap between plan and execution, and attackers are taking advantage.
The Communication Breakdown
One of the biggest challenges manufacturers face in crisis response isn’t technological: it’s human. The report found that communication gaps are the most cited impediment to effective cyber response.
The communication gap is an easy trap to fall into. Many organizations rely on outdated or inconsistent tools to coordinate across departments during an incident. That’s a significant concern, given that ransomware and other cyberattacks often render normal communication channels, such as email and messaging platforms, unusable or untrustworthy.
When you pause to consider factors that might make an industry more prone to coordination failures – things like distributed operations across multiple facilities and suppliers – it becomes clear that manufacturing companies are especially vulnerable to coordination breakdowns.
During a cyber incident the lack of a secure, unified communication channel can amplify damage as key stakeholders struggle to understand the scope of the attack, prioritize response steps, and make time-sensitive decisions.
It gets worse when crisis plans are not tailored to specific realities of the organization, which can (and often does) happen when security teams develop IR plans to satisfy compliance requirements as opposed to creating them with the end goal of operational resilience in mind.
The Practice Gap
While manufacturing organizations widely report having cyber response plans in place (the good news!), the data suggests they lag behind other sectors when it comes to keeping those plans current (the bad news).
According to the report, only 56 percent of manufacturing and utilities organizations update their cyber response playbooks on a monthly or quarterly basis. That’s well below the cross-industry average of 72 percent. It’s an alarming gap, which raises concerns about how well-prepared most manufacturers truly are for dealing with cyberattacks. And unfortunately, even regular updates don’t guarantee readiness.
Another recurring problem: the limited scope of crisis exercises. Many still exclude key stakeholders from non-technical domains. For example:
- Only 35 percent of organizations include legal, finance, or HR in crisis simulations.
- Only 37 percent bring in business continuity personnel.
- Just 43 percent involve disaster recovery teams. That’s a critical oversight, particularly for manufacturers, where cyberattacks can quickly cascade into regulatory violations, costly supply chain disruptions, missed financial reporting, or safety concerns on the factory floor.
The result is that when a real crisis hits, even well-documented plans can fall apart. Decision-makers aren’t aligned. Communications falter. Roles are unclear. And instead of executing a coordinated response, teams are left scrambling to improvise under pressure: a recipe for inevitable disaster.
Toward Real-World Resilience
You can’t bridge the gap between planning and execution overnight, but there are immediate steps you can take to move in the right direction. It begins with adopting a more grounded, operationally realistic approach to crisis readiness. For manufacturers, this means that plans must reflect the complexity of interconnected systems (both internally and within their ecosystem of suppliers), the criticality of uptime, and the roles played by stakeholders far beyond security and IT.
When plans are developed in isolation from the day-to-day realities of the business, gaps and trouble spots result. A good plan will identify key assets, map out system dependencies, and assign clear responsibilities across departments, from cybersecurity to legal, finance and executive leadership.
Just as important is a strong communication infrastructure. If you don’t have secure, out-of-band tools that enable reliable coordination across dispersed teams and facilities, your organization is at a disadvantage. What’s more, those tools must be standardized and regularly tested to ensure they’ll hold up when an actual crisis pops up.
And then there’s the part that too many organizations skip: meaningful, whole-of-business practice. Say it with me: tabletop exercises aren’t a checkbox!
Practical training exercises need to reflect the chaos and complexity of a real cyber incident, including the pressure, ambiguity, and rapid decision-making. This means going beyond IT and security to involve critical stakeholders from across the entire business, including legal, HR, and executive leadership.
Anyone who would have a role in a real crisis needs to understand their role in mitigating that crisis and rehearse it. The goal isn’t perfection; it’s muscle memory. You don’t want people figuring it out for the first time (or worse: failing to figure it out) while systems are actively going down.
At the end of the day, readiness isn’t just about having a binder labeled “Incident Response Plan” sitting on a shelf collecting dust. It’s about building reflexes, relationships, and resilience into the business. Cyber threats aren’t going anywhere, and for manufacturers, the stakes are especially high. If your business depends on uptime, physical safety, and complex supply chains, then crisis response can’t be theoretical.
So, ask the tough questions.
Update the plan.
Bring the right people into the room.
And rehearse until it feels real. Because one day, it will be.
