UK Industry Guide
Cyber security for UK small and medium manufacturers
Manufacturers face a unique mix of IT and OT (operational technology) risk: ransomware that halts production lines, IP theft, and supply-chain compromise via Tier-1 customers like automotive, aerospace and defence.
Avg loss per incident
£195,000
Top regulations
UK energy cyber tools
Top threats
OT ransomware
Attackers encrypt production scheduling, MES or HMI systems to halt manufacturing.
IP and design theft
Targeted intrusions stealing CAD files, patents and tooling specifications.
Supply-chain blast-radius attacks
SMEs in JLR, BAE or Airbus supply chains hit to pivot into the prime contractor.
Quick wins
- 01Air-gap or strictly segment OT networks from corporate IT
- 02Inventory every internet-exposed device — VPNs, RDP, ICS interfaces
- 03Maintain offline backups of MES, ERP and CAD repositories
- 04Achieve Cyber Essentials Plus to meet DEFCON 658 / TISAX requirements
Frequently asked questions
Do I need Cyber Essentials Plus to win MOD or automotive work?▶
Yes — DEFCON 658 mandates Cyber Essentials for any MOD contract over £5m and frequently for sub-contractors. Many automotive primes require it for Tier-1 and Tier-2 suppliers.
What's the difference between IT and OT security?▶
IT covers email, file servers and laptops. OT covers PLCs, SCADA, HMIs and robotics — equipment running production lines, often on legacy operating systems that can't be patched easily.
Get your sector-specific risk score
A 5-minute AI assessment with a downloadable PDF tailored to manufacturing.