The Bloomfield Team
The Manufacturer's Guide to Cybersecurity Basics
Manufacturing became the most attacked industry sector in 2024, overtaking financial services for the second consecutive year. According to IBM's X-Force Threat Intelligence Index, 25.7% of all cyberattacks targeted manufacturers. The average cost of a data breach in manufacturing reached $4.7 million. For a 75-person shop doing $15 million in annual revenue, a breach of that magnitude represents a survival-level event.
Most manufacturers we talk to know cybersecurity matters. Few have done anything systematic about it. The reason is usually the same: the problem feels overwhelming, the solutions feel expensive, and nobody on staff has the expertise to evaluate options. This guide covers the baseline measures that prevent the most common attacks, prioritized by impact and implementation difficulty.
For a deeper look at how these ideas connect across the shop floor, see our complete guide to AI in manufacturing.
The Attack Surface Most Shops Do Not See
A typical manufacturing operation has more network-connected devices than the owner realizes. CNC machines with Ethernet connections. IoT sensors on production equipment. Security cameras running on the same network as the ERP. A wireless access point the maintenance team installed to check machine manuals on a tablet. The shop's accounting software connected to a bank. Email accounts with access to customer drawings and ITAR-controlled technical data.
Every connected device is a potential entry point. The most common manufacturing attacks in 2024 and 2025 were ransomware (encrypting data and demanding payment), business email compromise (impersonating a vendor or customer to redirect payments), and intellectual property theft (stealing drawings, tooling data, or customer specifications). All three exploit the same basic vulnerabilities.
The Six Measures That Matter Most
1. Multi-factor authentication on every account that touches business data. Email, ERP, banking, remote access, cloud storage. MFA stops 99.9% of automated account compromise attacks according to Microsoft's internal research. This single measure prevents more breaches than any other. It costs nothing beyond the time to configure it, and every major platform supports it. If you implement one thing from this list, implement this.
2. Network segmentation between office and production. Your CNC machines should not share a network with your email server. If ransomware hits an office computer through a phishing email, it should not be able to reach your production equipment. Basic network segmentation using VLANs (your IT provider or a competent network technician can configure this in a day) creates a barrier between your office network, your production network, and your guest WiFi.
3. Automated, tested backups with offline copies. Ransomware works because companies cannot afford to lose their data. If you maintain automated daily backups with at least one copy stored offline or in an air-gapped cloud environment, and you test those backups quarterly by actually restoring them, ransomware loses most of its leverage. The key word is tested. Untested backups are not backups. They are assumptions.
4. Phishing awareness training for every employee with an email account. 91% of cyberattacks begin with a phishing email. An accounts payable clerk who clicks a link in an email that appears to come from a supplier gives the attacker access to the entire network within minutes. Regular phishing simulations and short training sessions (15 minutes quarterly is sufficient) reduce click rates on malicious emails by 60 to 80% within a year.
5. Patch management on a defined schedule. Software vendors release security patches because they have discovered vulnerabilities. Those same vulnerabilities are published in databases that attackers use to find targets. Running outdated software on any network-connected device, from Windows workstations to CNC controllers with embedded operating systems, is an open invitation. Establish a monthly patch cycle for all IT systems and a quarterly review cycle for OT (operational technology) systems.
6. Access control based on job function. The estimator does not need access to HR records. The machinist does not need access to the banking portal. The bookkeeper does not need access to customer ITAR data. Limiting each account's access to only what that person's job requires means a compromised account gives the attacker access to one department's data rather than everything. This is called the principle of least privilege, and implementing it requires an afternoon of configuration in most systems.
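An added example (not part of the original guide) for measure 2: VLANs only form a barrier if the rules on the router or firewall between them are restrictive, so this Python check audits a first-match rule list for flows that cross the office, production and guest zones. The rule format, the port list, port 8193 as the one approved flow and both rule sets are constructed assumptions.

```python
# Added example: audit a first-match inter-VLAN rule list for the office / production /
# guest separation described above. Rule format, ports and both rule sets are
# constructed assumptions, not any vendor's syntax.
from itertools import product

ZONES = ("office", "production", "guest")
PORTS = (22, 80, 445, 3389, 8193)  # constructed sample of ports to evaluate
# Cross-zone flows the design permits; anything else that is allowed is a finding.
APPROVED = {("office", "production", 8193)}  # hypothetical machine-monitoring port


def decide(rules, src, dst, port):
    """Return the action of the first matching rule; default deny if none match."""
    for action, r_src, r_dst, r_port in rules:
        if r_src in (src, "any") and r_dst in (dst, "any") and r_port in (port, "any"):
            return action
    return "deny"


def audit(rules):
    """List every cross-zone flow the rules allow that is not in APPROVED."""
    findings = []
    for src, dst, port in product(ZONES, ZONES, PORTS):
        if src == dst:
            continue  # traffic inside one VLAN never reaches the inter-VLAN rules
        if decide(rules, src, dst, port) == "allow" and (src, dst, port) not in APPROVED:
            findings.append((src, dst, port))
    return findings


# Weak: the VLANs exist, but a broad allow placed first shadows the deny below it.
WEAK = [
    ("allow", "office", "any", "any"),
    ("deny", "office", "production", "any"),  # never reached
    ("deny", "guest", "any", "any"),
]
# Corrected: one narrow allow, then explicit denies for everything else.
FIXED = [
    ("allow", "office", "production", 8193),
    ("deny", "any", "production", "any"),
    ("deny", "guest", "any", "any"),
    ("deny", "production", "any", "any"),
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(rules))
```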
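An added example (not part of the original guide) for measure 3: a restore test that unpacks a backup into scratch space and compares every file against SHA-256 hashes recorded at backup time. The manifest format, file names and sample contents are constructed assumptions.

```python
# Added example: restore test for a backup archive. Manifest format (path -> SHA-256
# recorded at backup time), file names and sample contents are constructed assumptions.
import hashlib, io, tarfile, tempfile
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def make_backup(files):
    """Build an in-memory tar.gz and the hash manifest recorded at backup time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), {name: sha256(data) for name, data in files.items()}

def restore_test(archive, manifest):
    """Restore into scratch space, then list every missing or altered file."""
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        try:
            with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
                for member in tar:
                    dest = (root / member.name).resolve()
                    if not member.isfile() or root not in dest.parents:
                        continue  # skip links, devices and paths escaping scratch
                    dest.parent.mkdir(parents=True, exist_ok=True)
                    dest.write_bytes(tar.extractfile(member).read())
        except Exception as exc:  # any unpack failure is a failed restore
            return [f"archive unreadable: {type(exc).__name__}"]
        problems = []
        for name, expected in sorted(manifest.items()):
            path = root / name
            if not path.is_file():
                problems.append(f"missing: {name}")
            elif sha256(path.read_bytes()) != expected:
                problems.append(f"altered: {name}")
        return problems

# Constructed sample data standing in for shop files.
FILES = {"erp/orders.db": b"constructed ERP export", "cad/bracket.step": b"constructed drawing"}

if __name__ == "__main__":
    good, manifest = make_backup(FILES)
    bad, _ = make_backup({"erp/orders.db": b"silently corrupted"})
    print("good:", restore_test(good, manifest))
    print("bad: ", restore_test(bad, manifest))
```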
CMMC and the Defense Supply Chain
Manufacturers that do defense work or want to pursue it face an additional requirement: CMMC (Cybersecurity Maturity Model Certification). CMMC 2.0 Level 1 requires 17 security practices, all of which are covered by the measures above. Level 2 requires 110 practices aligned with NIST SP 800-171 and applies to any manufacturer handling Controlled Unclassified Information (CUI). The Department of Defense began phasing CMMC requirements into contracts in 2025, and by 2027 compliance will be a prerequisite for most defense subcontracting work.
The shops that start building these practices now will be positioned to pursue defense work. The shops that wait will face a 12 to 18 month compliance timeline when the requirement hits a contract they want to bid.
What This Costs
For a shop with 30 to 75 employees, implementing the six baseline measures described above typically costs $15,000 to $40,000 including an initial assessment, network segmentation, backup configuration, and the first year of training and monitoring. Annual maintenance runs $8,000 to $15,000. Compared to the $4.7 million average cost of a breach, or the revenue impact of losing the ability to bid on defense contracts, the math is straightforward.
The manufacturers that treat cybersecurity as operational infrastructure, the same way they treat fire suppression or quality systems, are the ones that avoid the incident that costs ten times more to recover from than it would have cost to prevent.