Industry Insight

78% of UK Manufacturers Hit by Cyber Incidents: What the ESET Report Means for Your Business

> industry.report —— sector: UK Manufacturing —— incidents_12_months: 78% —— six_figure_losses: 52% —— downtime: 1-7_DAYS —— message: YOU_ARE_A_TARGET<span class="cursor-blink">_</span>_

Hedgehog Security 10 April 2026 9 min read
manufacturing eset cyber-incidents it-ot operational-technology supply-chain jlr ransomware uk-business
The Data

Three out of four UK manufacturers have been breached.

New research published by ESET in April 2026 paints a stark picture of the cyber threat facing UK manufacturing. Based on a survey of 500 senior manufacturing decision-makers, the findings confirm what the JLR attack demonstrated at catastrophic scale: manufacturing is now one of the most targeted and most vulnerable sectors in the UK.

78% Hit in the Past 12 Months
More than three-quarters of UK manufacturers experienced a cybersecurity incident in the past year. This is not a risk that might affect your business in the future — statistically, it has probably already affected it.
52% Suffered Six-Figure Losses
Over half of those affected reported costs exceeding £250,000 per incident, with nearly one in five facing losses above £1 million. These costs include lost revenue during downtime, recovery and remediation expenses, reputational damage, and third-party investigation.
75% Experienced 1–7 Days Downtime
Three out of four manufacturers that suffered an incident experienced between one and seven days of operational downtime. For a sector built on just-in-time production, even a single day of unplanned downtime can cascade through supply chains and contractual obligations.
46% Cite AI-Enabled Attacks as Top Risk
Nearly half of respondents identified AI-enabled attacks as the key risk to production in the coming year — overtaking traditional threats like phishing and ransomware. The manufacturing sector is already seeing more sophisticated, automated attacks that adapt in real time.
Post-JLR
Recommended

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call

These numbers have a £1.9 billion footnote.

The ESET findings land in the shadow of the Jaguar Land Rover attack — the most economically damaging cyber event in UK history, which halted production for five weeks and cost the wider economy an estimated £1.9 billion. JLR demonstrated the catastrophic end of the spectrum; the ESET data shows that smaller-scale incidents are affecting the overwhelming majority of the sector.

The convergence of IT and OT in modern manufacturing means that a cyber attack is no longer confined to data theft or email disruption — it can halt production lines, freeze supply chains, and cause physical-world consequences measured in lost vehicles, missed deliveries, and unemployed workers. The ESET finding that 95% of incidents resulted in business disruption confirms that cyber attacks on manufacturers are operational events, not merely IT events.

What to Do

Five priorities for manufacturing cyber resilience.

Priority Action
1. Defend the IT/OT boundary Segment your IT and OT environments. Ensure that a compromise in email, ERP, or office systems cannot cascade to production line controllers, SCADA systems, or robotics. The JLR attack showed what happens when this boundary fails. Test it through penetration testing.
2. Implement phishing-resistant MFA The Scattered Spider methodology — 'log in, not hack in' — relies on stolen credentials. Phishing-resistant MFA (hardware keys, passkeys) makes stolen passwords useless. Standard SMS or app-based MFA is better than nothing but can be bypassed by determined attackers.
3. Achieve Cyber Essentials Plus CE+ provides a verified baseline of the five core controls — patch management, secure configuration, access control, malware protection, and firewalls — that address the most common attack vectors. For manufacturers, CE+ is increasingly expected by customers, insurers, and (soon) regulators.
4. Plan for operational disruption Develop and test an incident response plan that specifically addresses production shutdown scenarios. How will you communicate with suppliers? How long can you sustain operations without IT systems? What manual workarounds exist? Test this through tabletop exercises.
5. Secure your supply chain Assess the cyber security posture of your critical suppliers. A breach at a key component supplier can halt your production as effectively as a breach at your own facility. Include security requirements in contracts and verify compliance.
Protect Your Manufacturing Operations

78% of UK manufacturers have been hit. Is your production line next?

Our manufacturing security assessments cover the full attack surface — from IT/OT boundary testing to social engineering assessments to supply chain security reviews. We help manufacturers build the operational resilience that the current threat landscape demands.

Commission a Manufacturing Security Assessment Read: The JLR Breach Deep Dive
Next Step

Not sure where to start?

We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.

Free Scoping Call
Keep Reading

Related Articles

Breach Analysis 2 December 2025

The Jaguar Land Rover Breach: The £1.9 Billion Attack That Rewrote the Rules

A comprehensive deep-dive analysis of the September 2025 Jaguar Land Rover cyber attack — the most economically damaging cyber event in British history. Examines how the Scattered LAPSUS$ Hunters collective used social engineering and credential abuse to halt production for five weeks, costing £196 million directly and £1.9 billion across the UK economy. Covers the March 2025 HELLCAT precursor breach, the IT-to-OT cascade that turned a digital intrusion into a physical shutdown, the supply chain devastation affecting 5,000 organisations, the Bank of England GDP impact, and detailed assessments of how penetration testing and Cyber Essentials Plus certification could have reduced the catastrophic impact.

breach-analysis jaguar-land-rover
35 min read
Anatomy of a Breach 30 September 2025

Anatomy of a Breach: Jaguar Land Rover — Manufacturing Halted, Staff Sent Home, and Revenue Hit by Ransomware

Breach #201. In September 2025, UK car manufacturer Jaguar Land Rover (JLR) was hit by a cyber attack that severely disrupted production at its Halewood plant in Merseyside, forcing staff to stay home while the company responded. The incident, reportedly claimed by a group calling itself Scattered Lapsus$ Hunters, prevented car dealers from registering new JLR vehicles — during one of the busiest periods for new car registrations in the UK. JLR subsequently revealed that the attack had a significant financial impact on its revenue. The M&S and JLR attacks together constituted the most damaging year for UK corporate cybersecurity on record.

jaguar-land-rover jlr
13 min read
Sector Analysis 25 December 2025

Sector Under the Microscope: Cyber Security for Manufacturing

Part 5 of our Sector Under the Microscope series. An examination of cyber threats facing UK manufacturers — the convergence of IT and OT, industrial control system vulnerabilities, ransomware targeting production lines, intellectual property theft, and the security priorities for organisations where downtime is measured in thousands of pounds per hour.

manufacturing ot-security
12 min read
All Posts Get in Touch