Inside the growing cyber threat to manufacturing supply chains
Manufacturing supply chains have always been built for speed and precision. But now, they also need to be built for resilience. As operations have become more connected, cyber risks have grown more complex, testing even the most well-oiled systems, says Mike Dwyer.
RECENT HIGH-PROFILE cyberattacks have brought this risk into sharp focus, with operational outages disrupting production at major retailers and car manufacturers. Such incidents are a stark reminder that the days of treating cybersecurity as an isolated IT concern are long gone. Supply chain security is now business security.
Capgemini’s latest research underscores this shift: 74% of manufacturing executives now rank cybersecurity as a top supply chain concern. This change is well justified. Between 2019 and 2022 alone, cyberattacks on supply chains surged by an astonishing 742%, and have continued surging since. What was once a back-office issue has become a boardroom priority.
Why supply chains are a prime target
Bitsight TRACE’s 2025 State of the Underground report identifies manufacturing as the most targeted industry for the third year running. So, what makes manufacturing so vulnerable?
The answer lies in the very nature of modern supply chains: highly interconnected, digitalised ecosystems spanning multiple supplier tiers and geographies. Each ERP system, IoT-enabled machine, and supplier represents a potential entry point for cybercriminals. In some quarters it’s likened to playing whack-a-mole with cyber threats – and the game has gone up a level in recent months. According to a survey by the Chartered Institute of Procurement & Supply, nearly one-third of business leaders have reported an increase in cyber-attacks targeting their supply chains over the past six months.
As highlighted in the Capgemini Research Institute’s 2025 Next-Generation Supply Chain report, organisations can’t keep relying on point fixes to these constant threats. Across-the-board resilience is now a strategic imperative. Manufacturing leaders must build supply chains that possess the agility to withstand disruptions caused by geopolitical unrest, environmental shocks, or cyberattacks.
Cybersecurity as a continuity issue
Far from just a security failure, a cyber breach is a business continuity crisis with far-reaching consequences. One breach can ripple across the entire value chain, causing disrupted operations, delayed shipments, loss of intellectual property, supplier shutdowns, reputational damage, and regulatory penalties. This domino effect can stall entire ecosystems, paralysing hundreds of suppliers and creating bottlenecks that impact whole economies.
Many still view cybersecurity investments as protecting technology, but it’s fundamentally about protecting value – ensuring operational uptime, safeguarding customers, and maintaining a competitive edge. According to our research, 77% of manufacturing leaders agree that modernising supply chain practices enhances both efficiency and resilience. Those that fail to do so risk falling behind – or worse, falling victims.
Resilience drives competitive advantage
The rise of AI-powered and agentic supply chains adds a new layer of intelligence – crucial to what we now call next-generation supply chains. 58% of executives believe AI will fundamentally reshape supply chain operations.
We define next-generation supply chains as sustainable, adaptable, and digitally intelligent. They leverage AI, digital twins, IoT, and predictive analytics to monitor and manage risk in real time. Crucially, they emphasise supplier diversity, regional sourcing, and cross-tier visibility – reducing dependency on vulnerable nodes and enhancing response agility.
However, as digital complexity grows, so does the attack surface. New technologies bring new risks, requiring automation to be paired with robust governance and cybersecurity controls. Organisations must prioritise real-time threat detection, standardised cybersecurity protocols across all supplier tiers, and strong partnerships with cybersecurity experts.
Cyber risk can no longer be treated as a downstream operational issue – it must be embedded in strategic planning right across product design, procurement, and logistics.
The rising cost of inaction
There’s a tendency in some manufacturing circles to view cybersecurity as an insurance policy or a cost centre. That mindset is increasingly risky, not to mention expensive. Reactive spending after a cyber event is significantly higher than investing in resilience up front.
It’s best to think of cybersecurity measures as digital shock absorption; building systems that absorb and recover from disruptions without halting operations. Therein lie performance gains as well as safety: Capgemini research shows that 61% of manufacturers investing in risk management are also reducing operational costs.
It goes to show that cybersecurity and cost efficiency are not mutually exclusive. The most resilient supply chains are often the most efficient, designed with flexibility, visibility, and data-driven decision-making at their core.
Leadership in the age of cyber-aware supply chains
Looking to the now, in 2025, and beyond, almost three quarters of global manufacturing leaders see next-generation supply chains as a top leadership priority. This responsibility extends beyond CIOs and CSOs – it demands shared ownership across operations, procurement, IT, and strategy teams.
Leading organisations will integrate cybersecurity at every stage of supply chain design and execution, invest in cross-functional training to build cyber fluency beyond IT teams, and adopt real-time monitoring and AI-powered risk modelling. They’ll also foster strong partnerships with suppliers, logistics providers, and cybersecurity specialists.
In essence, cybersecurity today is about creating smarter, faster, and more competitive supply chains – the kind that can thrive under pressure and pivot with speed. Because in the new era of connected manufacturing, resilience is the new efficiency.
Mike Dwyer, UK head of intelligent industry, Capgemini
Mike leads the Intelligent Industry Centre of Expertise (CoEx) in the UK and brings a deep knowledge of Industry 4.0 and how it transforms the worlds of engineering, manufacturing, service, and operations and through the process, systems, data, people & culture change. Mike is an experienced digital engineering consulting and delivery lead with 25 years of working in R&D, engineering development and digital transformation for Rolls-Royce Defence and Siemens Germany. Mike has worked in other organisations across a variety of sectors including Aerospace & Defence, Power Generation, Rail, Oil and Gas, Formula 1, and Electronics & High-Tech.
