In today’s rapidly evolving digital landscape, the manufacturing industry faces unprecedented cybersecurity challenges. I’m thrilled to sit down with Kwame Zaire, a seasoned expert in manufacturing with a deep focus on electronics, equipment, and production management. Kwame is also a recognized thought leader in predictive maintenance, quality, and safety, making him the perfect person to unpack the critical insights from the latest research on cyber resilience in manufacturing. In this conversation, we dive into the rising threats like AI-powered attacks and DDoS disruptions, the struggle for supply chain visibility, and how manufacturers are shifting their mindset to prioritize cybersecurity as a core business strategy.
How do you see the current state of cyber resilience in the manufacturing industry, especially in light of recent research findings?
The state of cyber resilience in manufacturing is at a critical juncture. Recent research, like the 2025 Spotlight Report, highlights that while the industry is making strides, there are still significant gaps. Manufacturers are increasingly targeted by sophisticated threats due to their reliance on connected technologies and automation. What’s clear is that cyber resilience isn’t just an IT issue anymore—it’s a business priority. Many organizations are waking up to the fact that a breach can disrupt production, damage customer trust, and even impact supply chains. But the readiness to tackle these threats varies widely, and that’s a big concern.
What do you think are the most pressing cybersecurity challenges manufacturers face today?
I’d say the rapid adoption of new technologies like AI and IoT is a double-edged sword. They drive efficiency and innovation, but they also expand the attack surface. The research shows a growing fear of AI-powered attacks, deepfakes, and synthetic identity fraud. These aren’t just theoretical risks—they can manipulate data or impersonate key personnel, leading to devastating breaches. On top of that, data security and privacy remain huge hurdles, especially with limited visibility into software supply chains. Without knowing where vulnerabilities lie, manufacturers are often playing catch-up after an attack rather than preventing it.
Why do you believe AI-powered threats and deepfakes are becoming such a prominent concern for the industry?
These threats are on the rise because cybercriminals are leveraging AI to create more convincing and scalable attacks. Deepfakes, for instance, can replicate a CEO’s voice or image to trick employees into transferring funds or sharing sensitive data. Manufacturing is particularly vulnerable because it often involves high-stakes operations and interconnected systems. If a bad actor uses AI to manipulate production data or impersonate a supplier, the ripple effects can halt operations or compromise safety. The technology behind these attacks is becoming more accessible, which means we’re likely to see even more of them in the near future.
With geopolitical tensions contributing to the rise in DDoS attacks, how are these global dynamics impacting manufacturers specifically?
Geopolitical tensions often lead to state-sponsored or ideologically driven cyberattacks, and DDoS attacks are a favored tool because they can overwhelm systems and disrupt operations with relatively low effort. For manufacturers, this is a nightmare—production lines are time-sensitive, and even a short downtime can cost millions. These tensions create a climate where critical infrastructure, including manufacturing, becomes a target to weaken economies or send political messages. The challenge is that many companies don’t have the robust defenses or redundancy in place to withstand such disruptions.
Why do you think so many manufacturing executives feel unprepared to handle these sophisticated threats?
A lot of it comes down to a lack of resources, expertise, and foresight. Building defenses against AI-driven threats or DDoS attacks requires specialized skills and significant investment, which many manufacturers haven’t prioritized until recently. There’s also a historical mindset in the industry that cybersecurity is an IT problem, not a core business risk. With only a small percentage of executives feeling equipped to handle these threats, it’s clear there’s a gap in training, technology, and strategic planning. The speed at which threats evolve doesn’t help—by the time a solution is implemented, the attack vectors have often changed.
Turning to the supply chain, why is achieving visibility into software supply chains such a persistent challenge for manufacturers?
Supply chains in manufacturing are incredibly complex, often involving dozens or hundreds of vendors, each with their own software and security practices. Getting a clear picture of every component—down to the code in a piece of equipment—is like trying to map a spiderweb. Many companies lack the tools or processes to track these dependencies, and vendors aren’t always transparent about their own vulnerabilities. This blind spot means a single weak link, like a compromised software update, can expose the entire operation to risk.
How are manufacturers starting to integrate cybersecurity into their broader business strategies, and what does this shift look like?
There’s a growing recognition that cybersecurity isn’t just about protecting data—it’s about protecting the business itself. I’m seeing more companies tie security initiatives to business goals, with leadership being held accountable through specific metrics. This means cybersecurity is now part of the conversation at the board level, not just in the IT department. Budgets are being allocated upfront for new projects, and there’s a push to build a culture where everyone, from the factory floor to the C-suite, understands their role in security. It’s a shift from reactive firefighting to proactive planning.
What impact does educating the workforce on social engineering tactics have on overall cyber resilience?
Educating the workforce is one of the most effective ways to build a strong defense. Social engineering, like phishing or pretexting, often exploits human error, not technical flaws. When employees are trained to spot suspicious emails or verify unusual requests, it creates a human firewall that can stop attacks before they escalate. It’s encouraging to see a high percentage of organizations focusing on this, because technology alone can’t solve the problem. A vigilant team can be the difference between a minor incident and a full-blown breach.
What practical steps can manufacturers take right now to strengthen their cyber resilience?
First, they need to align cybersecurity with business decisions at the highest level—make it a priority for executives, not just IT. Second, invest in visibility tools to map out and monitor the software supply chain; knowing where risks lie is half the battle. Third, train everyone in the organization to recognize threats like phishing and report them without fear of blame. Finally, partnering with external providers can bring in expertise and resources to shore up defenses, whether it’s through strategy consulting, training, or verifying supplier security. These steps aren’t glamorous, but they build a solid foundation.
Looking ahead, what is your forecast for the future of cybersecurity in manufacturing over the next few years?
I think we’re going to see cybersecurity become even more embedded in manufacturing’s DNA. As threats like AI-powered attacks and DDoS continue to grow, companies that don’t adapt will struggle to survive. I expect more investment in machine learning and generative AI defenses to counter social engineering and other sophisticated threats. We’ll also likely see tighter regulations around supply chain security, pushing manufacturers to prioritize transparency. My hope is that the industry continues to shift toward proactive resilience, treating cybersecurity as a competitive advantage rather than a burden. It’s a challenging road, but the stakes couldn’t be higher.
