Economic instability has always been a disruptor for manufacturers. From raw materials sourcing to global distribution, shifts in policy, tariff, or trade agreements can ripple through production lines.
But in 2025, these disruptions extend far beyond logistics and cost. They are reshaping the security landscape of cyber-physical systems (CPS), the operational technology, IoT, medical devices, and building management systems that underpin mission-critical infrastructure.
Claroty’s report, The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape, reveals just how deeply economic turbulence and geopolitical tension are affecting security postures. The findings highlight both the challenges organizations face, such as growing risks and shifting regulatory requirements, and the opportunities for building greater resilience by rethinking approaches to CPS protection.
Rising Risk in a Time of Instability
Nearly half of survey respondents (49 percent) reported that supply chain changes driven by shifting global economic policies and geopolitical tensions are creating increased cyber risk to CPS assets and processes. This is not simply a matter of procurement delays or cost overruns. It is about visibility and trust. When suppliers shift, so do the attack surfaces manufacturers must defend.
At the same time, 45 percent of respondents expressed concern over their ability to reduce risk to key CPS assets and even to fully understand their overall risk posture. This uncertainty underscores a critical challenge: manufacturers cannot protect what they cannot see. Without complete visibility into connected assets and their exposures, defenders are fighting blind in an environment where adversaries are only getting bolder.
Third-Party Access: The Hidden Weak Link
The report also highlights a growing vulnerability in third-party remote access to CPS environments. As supply chains reconfigure, new vendors and technologies inevitably enter the fold, often bringing their own remote access tools and creating a high-risk entry point for attackers.
Nearly three-quarters (73 percent) of organizations said they are re-evaluating third-party remote access to CPS operations. Their concerns are well-founded: 46 percent admitted they experienced a breach in the past year due to third-party access, and 54 percent said they discovered contract gaps or weaknesses with vendors only after an incident occurred.
Attackers have long understood that the quickest way into a hardened enterprise is often through its suppliers. Poorly secured remote connections, inconsistent contract terms, and lack of visibility into vendor security practices all create ideal conditions for compromise. For manufacturers, where uptime is critical and downtime can cost millions, these breaches are not abstract risks, they are real threats.
Compliance Pressures on the Horizon
Adding to the pressure is the rapidly shifting regulatory landscape. While 69 percent of respondents said their current CPS security programs adhere to established standards, such as the NIST Cybersecurity Framework or ENISA guidance in Europe, more than three-quarters (76 percent) believe emerging regulations will require a full overhaul of their strategies.
This is a global issue.
In the United States, the pendulum swings between deregulation and new mandates, creating uncertainty for industries that rely on long-term investment and planning. In Europe, initiatives like the Cyber Resilience Act and NIS2 directive are imposing stricter requirements with phased deadlines that extend through 2027.
For manufacturers operating globally, this patchwork of regulations presents a compliance burden, threatening to disrupt carefully designed security programs just as risks are rising.
The Reality of Breaches
For many organizations, the threat is not hypothetical. Among those who experienced a breach in the past year, the leading causes were malware (65 percent), exploitation of vulnerabilities (44 percent), and insider threats (36 percent). Notably, ransomware did not even top the list, despite its reputation as the most disruptive and costly cyberattack.
These findings reflect the growing diversity and sophistication of threats facing CPS environments. Malware campaigns can quietly undermine production processes, exploits can take advantage of unpatched legacy systems that remain widespread in manufacturing, and insider threats, whether malicious or accidental, continue to expose critical vulnerabilities.
Toward an Impact-Centric Security Model
Traditional, asset-centric approaches to CPS security may no longer be sufficient. Cataloging assets and patching vulnerabilities in isolation can fall short. They risk misaligned priorities, with teams addressing low-impact risks while mission-critical processes remain exposed.
An impact-centric approach prioritizes security based on potential business and regulatory consequences. By mapping risks to production lines, supply chain continuity, or hospital wings in healthcare, organizations can focus resources on threats most likely to cause operational disruption, downtime, or regulatory penalties.
AI and automation are increasingly critical in CPS protection, with 93 percent of respondents viewing AI capabilities as at least somewhat necessary. From predictive threat detection to automated incident response, AI offers a way to augment lean security teams and accelerate response times in environments where every second counts.
AI-driven insights enable manufacturers to detect anomalies, isolate compromised systems, and predict which vulnerabilities are most likely to be exploited. This not only strengthens defenses but also supports an impact-centric approach by highlighting which assets matter most to the business.
Building Resilience Amid Uncertainty
As manufacturers confront this convergence of economic volatility, regulatory shifts, and escalating cyber threats, the challenge may seem daunting. However, times of instability often drive innovation, forcing organizations to re-evaluate old practices and adopt new approaches that better align with business realities.
Manufacturers that take an impact-centric approach, embrace emerging technologies, and foster collaboration between business and security leaders will be best positioned to weather this era of uncertainty. The risks are real and growing, but so is the opportunity to build stronger, more resilient systems that can withstand the pressures of both the market and the threat landscape.
