Cyber threats against manufacturing are rising fast, pushing leaders to focus on resilience, but fewer than half are ready for AI-powered, supply chain, or DDoS attacks, according to new LevelBlue Research. The study highlights how manufacturers are working to defend against increasingly advanced threats as they adopt AI to streamline operations and boost automation.
In its report titled ‘2025 Spotlight Report: Cyber Resilience and Business Impact in Manufacturing,’ LevelBlue disclosed that manufacturing organizations expect a rise in AI-powered attacks, deepfakes, and synthetic identity attacks in 2025; however, many are not prepared for them. About 32% of manufacturing executives say they are equipped for AI-powered threats, and 30% feel their organization is ready for deepfake attacks. Simultaneously, organizations face an increase in distributed denial of service (DDoS) attacks amid rising geopolitical tensions, with 37% of manufacturing executives reporting they are prepared for them. Data security and privacy are still the biggest challenges, with 54% of organizations reporting very low to moderate visibility into the software supply chain.
In response to these threats, manufacturers are cultivating a cybersecurity-first culture by linking security initiatives directly to business strategy. As an industry, these organizations are taking actionable steps: 65% say leadership roles are now measured against cybersecurity key performance indicators (KPIs), and 70% are educating the workforce about social engineering tactics.
“Cyber resilience is no longer optional—it’s becoming a strategic imperative for manufacturers in order to maintain customer and supply chain trust,” Kory Daniels, LevelBlue chief security and trust officer, said in a Wednesday media statement. “While it’s encouraging to see increased alignment between cybersecurity initiatives and business goals, the data shows that many organizations still face critical gaps in alignment. Corporate executive alignment and a proactive, adaptive approach are essential to staying ahead of rapidly evolving threats.”
LevelBlue reported that manufacturing executives increasingly recognize that they cannot afford to overlook cybersecurity. Rising risks and a fast-developing threat landscape are elevating the importance of cyber resilience on the C-suite agenda, yet many organizations appear overly confident in their ability to manage these threats. 28% of manufacturing executives said their organization suffered a breach in the past 12 months, while 37% reported facing a significantly higher volume of attacks.
At the same time, 65% said that media reports of high-profile breaches have pushed cybersecurity higher on the leadership agenda. Despite these concerns, 51% expressed confidence that their organizations are highly or very highly competent at defending against adversaries using artificial intelligence techniques.
LevelBlue research shows that manufacturers are beginning to embed resilience into their innovation strategies, with 55% now allocating cybersecurity budgets at the outset of new initiatives. Another 69% said that adopting an adaptive approach to cybersecurity allows them to take greater innovation risks.
Key areas drawing additional investment include machine learning for pattern matching, cited by 71%, and broader cyber resilience processes across the business, reported by 69%. Investments are also going into application security at 67%, generative AI defenses against social engineering at 64%, and stronger software supply chain security at 63%.
The report identifies that manufacturers expect AI-powered attacks, deepfakes, and synthetic identity fraud to emerge in 2025. Yet many are not ready to meet these challenges. Only 32% said they feel prepared for AI-driven threats, even though 44% believe they will materialize. Similarly, 30% of executives said their organizations are prepared for deepfake attacks, despite 47% expecting them to occur.
Visibility into the software supply chain remains limited, with more than half of executives, 54%, saying they have only very low to moderate insight. Only 19% consider insufficient visibility to conduct security assessments to be a very high risk, 18% see unsupported software as a very high risk, and 13% rate open-source code, libraries, and frameworks as a very high risk.
LevelBlue reported that about 26% considered engaging with software suppliers about their security credentials to be a priority over the next 12 months, leaving organizations vulnerable as they adopt under-regulated AI tools that could pose risks across the extended ecosystem.
There are, however, signs of progress in how companies are embedding cyber resilience into business operations. 68% of executives said their cybersecurity teams are aligned with individual business units, and 65% reported that leadership roles are now being measured against cybersecurity KPIs.
The report mentioned that manufacturing organizations recognize that they cannot do this alone. “More than one-third (38%) expect to enlist cybersecurity consultants in the next two years to help them understand the increasingly complex and dynamic threat landscape, a similar number to the 36% that have done so over the past 12 months. But they are also increasingly turning to cybersecurity insurance advisors, perhaps in response to the growing number of attacks that they are defending against. Over the last 12 months, just 29% said they had sought outside help in this area, compared with 40% who expect to do this over the next two years.”
LevelBlue recognized that manufacturing organizations are at a turning point with artificial intelligence. While AI adoption is becoming more mainstream, it remains relatively new and largely unregulated, creating opportunities for threats to slip through the cracks and for adversaries to exploit vulnerabilities. The way decision-makers respond in 2025 will be critical to the future of their businesses.
Strengthening cyber resilience will require greater engagement from leadership, including board members, to establish resilience as a core business requirement. Executives will need to align cybersecurity considerations with strategic decisions and measure leadership roles against cybersecurity performance indicators.
Organizations must also take a proactive and intentional approach by investing in advanced threat detection and response, exposure management, and vulnerability management technologies. Partnering with external providers can further enhance cybersecurity strategies, deliver training, and provide the expertise needed to address complex risks. Transitioning to a Zero Trust Architecture will lay the groundwork for a multi-layered defense.
Building a culture of cyber resilience is equally important. This means practicing safe online behaviors at every level, encouraging employees to report potential threats, making it easy to do so, and implementing regular training programs that highlight emerging risks and best practices.
Finally, companies must strengthen the resilience of their software supply chains. This involves verifying suppliers’ security credentials, creating confidence ratings to improve visibility across the chain, and conducting regular assessments to ensure vulnerabilities are identified and addressed.
