Why manufacturing companies are most vulnerable to hacking - IBM
IBMArchived Jun 11, 2026✓ Full text saved
Why manufacturing companies are most vulnerable to hacking IBM
Full text archived locally
✦ AI Summary· Claude Sonnet
Subscribe
Security Manufacturing
Why manufacturing companies are most vulnerable to hacking
By Euny Hong
Published 22 April 2026
What is the most targeted industry for cyberattacks? If you guessed banking and financial services, since that’s seemingly the shortest path to people’s wallets, you’d be close, but wrong. The correct answer is the manufacturing industry, which accounted for 27.7% of cybersecurity incidents in 2025, according to IBM’s 2026 X-Force Threat Intelligence Index. This marks the fifth consecutive year that manufacturing took the not-at-all-coveted top spot.
Rami Ahola, IBM Partner and Global Industry Leader for Industrial Manufacturing, explained in an interview with IBM Think that beyond IT systems, manufacturing companies have two additional attack surfaces. The first surface, he said, is operational technology (OT), which includes both factory equipment and programmable logic controllers, or industrial computers that automate the manufacturing process. These components “are typically less sophisticated than [the IT layer] and therefore often more vulnerable,” Ahola said.
Explore the X-Force Threat Intelligence Index
The second attack surface, according to Ahola, is connected products. “In consumer-facing segments such as automotive and consumer electronics, the number of endpoints can easily be in the millions, and companies have no control over the environments the connected products get exposed to,” he said. Essentially, manufacturing companies face heightened cybersecurity risk because it isn’t enough to protect just the mainframes, software and data that make up any IT system. Each “joint” in the chain of manufacturing steps presents yet another potential point of entry for attack.
This year’s index also contains some eyebrow-raising findings that seem to confirm the old adage that the vast majority of security threats—from old-time espionage to the present-day AI-generated deepfakes—are based on openly available sources. For example, X-Force saw a 44% increase between 2024 and 2025 in the exploitation of public-facing data—a broad category that includes a company’s public website, sales brochures and social media postings.
The good news is that there are plenty of measures manufacturing companies can take to mitigate risk. For starters, Ahola said, organizations need to “take a holistic approach to cybersecurity, covering all of IT, OT and connected products.” Additionally, he advises against fragmented security practices. “Currently, too many companies have separate security organizations for each [department], leading to cracks in the armor and slower ability to detect attacks, as you can’t correlate incidents across your entire business.” In other words, in an industry riddled with large and varied attack surfaces, siloing adds insult to injury.
The latest tech news, backed by expert insights
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
First name*
Last name*
Business email*
Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. Refer to our IBM Privacy Statement for more information.
Subscribe
Euny Hong
Staff Writer
IBM Think
IBM X-Force
Build cyber resilience with an X-Force discovery briefing
Book a personalized discovery briefing to explore how IBM X-Force® can help you reduce cyber risk, validate your defenses and build lasting cyber resilience with offensive and defensive expertise.
Connect with an X-Force expert
Resources
Report
Cost of a Data Breach Report
Learn how AI is transforming the threat landscape for attackers and defenders alike and gain up-to-date insights into cybersecurity threats and their financial impacts on organizations.
Read the report
Guide
IAM Practitioner Guide
Discover how IBM’s new IAM guide helps teams simplify identity sprawl, automate manual work and secure both human and non-human identities at scale.
Get the guide
Report
IBM named a Leader in Gartner® Magic Quadrant™ for Access Management
Learn how IBM leads in access management with secure authentication, SSO and adaptive access, recognized as a Leader for the third year in a row.
Read the report
On-demand webinar
Securing non-human identities: Identifying and eliminating identity-based threats
Learn how identity-based attacks are rising and how to respond, with key insights from the X-Force® Threat Intelligence Index on credential theft, phishing and identity security.
Learn more
Report
IDC MarketScape: Worldwide Identity Security Vendor Assessment
Learn how integrated identity platforms simplify access across hybrid environments with smarter visibility, adaptive governance and AI-powered threat detection.
Read the report
Identity and access management (IAM) services
Strengthen security and compliance with IBM IAM services, streamlining identity across hybrid cloud environments.
Explore IAM services
Threat detection and response services
Optimize your security program with IBM’s global, vendor-independent threat response services.
Explore threat detection services
IBM Verify
Build a secure identity foundation with IBM Verify to simplify access, improve authentication, and scale with confidence.
Explore IBM Verify
Take the next step
Book a personalized discovery briefing to explore how IBM X-Force® can help you reduce cyber risk, validate your defenses and build lasting cyber resilience with offensive and defensive expertise.
Schedule a discovery session with X-Force
Explore IBM X-Force
Products
Consulting services
Industries
Case studies
Financing
Research
LinkedIn
X
Instagram
YouTube
Podcasts
Business partners
Documentation
Events
Newsletters
Support
TechXchange community
Overview
Careers
Investor relations
Leadership
Newsroom
Security, privacy and trust
Contact IBM
Privacy
Terms of use
Accessibility
ibm.com, ibm.org, ibm-zcouncil.com, insights-on-business.com, jazz.net, mobilebusinessinsights.com, promontory.com, proveit.com, ptech.org, s81c.com, securityintelligence.com, skillsbuild.org, softlayer.com, storagecommunity.org, think-exchange.com, thoughtsoncloud.com, alphaevents.webcasts.com, ibm-cloud.github.io, ibmbigdatahub.com, bluemix.net, mybluemix.net, ibm.net, ibmcloud.com, galasa.dev, blueworkslive.com, swiss-quantum.ch, blueworkslive.com, cloudant.com, ibm.ie, ibm.fr, ibm.com.br, ibm.co, ibm.ca, community.watsonanalytics.com, datapower.com, skills.yourlearning.ibm.com, bluewolf.com, carbondesignsystem.com, openliberty.io