Five Weeks of Silence on the Factory Floor
In 2025, a cyberattack forced Jaguar Land Rover to halt assembly lines across the UK, Slovakia, Brazil, and India, disrupting manufacturing operations for nearly five weeks. The cyberattack forced Jaguar Land Rover to halt production for weeks across multiple manufacturing sites. Industry estimates place the direct financial impact in the hundreds of millions of dollars, while broader economic losses to the UK Businesses were estimated at nearly £2.5 billion. The disruption didn’t stop at JLR’s own gates. It rippled through the company’s multi-tier supplier network and out to dealerships, a reminder that in modern manufacturing, one company’s cybersecurity incident quickly becomes an entire ecosystem’s operational crisis.
JLR was not an isolated case. In the third quarter of 2025 alone, Dragos recorded 742 ransomware incidents affecting industrial organisations worldwide, with manufacturing accounting for 72% of those incidents. The IBM X-Force Threat Intelligence Index 2026 puts manufacturing at 27.7% of all cyberattacks in 2025, making it the most targeted sector for the fourth consecutive year.
Why Cybercriminals Are Increasingly Targeting the Manufacturing Sector
Manufacturers make an attractive target for a simple reason: downtime is expensive, and attackers know it. Resilience’s manufacturing claims data reinforces this economic reality. Although ransomware represented only 12% of manufacturing cyber insurance claims, it accounted for 90% of total incurred financial losses, demonstrating how a relatively small number of attacks create disproportionately severe business impact.
Unplanned downtime is estimated to cost Fortune 500 companies roughly 11% (estimated around 1.4 $ Trillion dollars) of annual revenue, which gives ransomware groups significant leverage to extract payment quickly. Check Point research found manufacturers facing an average of around 1,585 attempted attacks per week, with overall attacks on the sector rising 30% year over year.
Three structural factors make manufacturing especially exposed:
- Legacy OT systems also remain difficult to secure. Resilience found that software vulnerability exploitation accounted for approximately 13% of financial losses, while many legacy production systems cannot be patched without interrupting operations.
- IT/OT convergence, which has quietly erased the air gap that used to separate factory floor systems from corporate networks and the internet, so an intrusion that starts in enterprise IT can now cascade directly into production environments.
- Sprawling supplier ecosystems, where a single compromised vendor can cascade into hundreds of downstream manufacturers, as seen when a compromised logistics SaaS provider disrupted operations for multiple global retailers in 2025.
Industry forecasts indicate the number of connected IoT devices will continue to grow rapidly through 2030. For manufacturers, every additional sensor, actuator, gateway, and connected machine expands the potential attack surface, increasing the need for continuous visibility into applications and APIs. At the same time, supply chain attacks against industrial organisations nearly doubled over the past year, underscoring how interconnected these ecosystems have become.
How AI Is Changing the Speed and Scale of Manufacturing Attacks
This isn’t just a hook. AI is genuinely reshaping how attackers operate against manufacturers, and defenders are having to adapt in real time.
Threat intelligence from Dragos shows ransomware groups are increasingly incorporating AI into their operations. In Q1 2025, Dragos documented AI-driven malware used by the ransomware group FunkSec to improve code obfuscation and evade traditional security controls. The report also found attackers using AI-generated phishing campaigns and highly personalized social engineering to improve the success rate of credential theft and initial access into industrial organizations.
AI is also accelerating reconnaissance. Where an attacker once spent months manually mapping a target’s vendor ecosystem, automated tools can now scan thousands of suppliers in minutes, identifying weak points across an entire supply chain almost instantly. That speed matters because it compresses the window defenders have to detect and respond before an intrusion becomes an operational incident.
Why Static Security Tools Can’t Protect Smart Manufacturing Environments
Traditional perimeter security and standard web application firewalls were built for a world of predictable web traffic and a clear boundary between “inside” and “outside” the network. Smart manufacturing doesn’t work that way anymore.
Factories nowadays run on APIs that connect ERP systems, supplier portals, IIoT sensors, and cloud-based manufacturing execution systems, often with limited visibility into which of those APIs are actually exposed to the internet. Many of the frameworks manufacturers are now expected to align with, including IEC 62443 and NIST 800-82, assume exactly this kind of continuous visibility, which static, perimeter-only tools cannot provide.
This creates two gaps legacy tools weren’t designed to close. First, undocumented or forgotten APIs, commonly called shadow APIs, accumulate as manufacturers integrate new IIoT devices and supplier connections faster than security teams can track them. Second, automated bots increasingly target the web-facing systems manufacturers rely on for ordering, inventory, and supplier authentication, using credential stuffing and scraping techniques that a conventional firewall simply isn’t built to recognise.
Industry Update: CERT-In's 2026 Guidance Reflects This Shift
In June 2026, CERT-In issued enhanced cybersecurity recommendations for OEMs and technology providers, encouraging organisations to move beyond periodic security testing and adopt continuous protection practices, including:
The message is clear: Protecting smart manufacturing now requires continuous visibility into applications, APIs, and connected systems,not just perimeter security.
How Cloud-Native AI WAAP Secures Connected Manufacturing Systems
Manufacturing organisations need more than a traditional web application firewall. Modern Web Application and API Protection (WAAP) combines WAF, API security, bot mitigation, and runtime threat detection into a unified defence layer that protects the applications, APIs, and digital services powering today’s smart factories.
This is particularly important in manufacturing, where automated bots are increasingly used to target supplier portals, inventory systems, customer platforms, and APIs before larger attacks are launched.
A modern WAAP for smart factories helps manufacturers:
- Stop malicious bots performing credential stuffing, account takeover, web scraping, and automated reconnaissance against supplier and customer portals.
- Protect APIs connecting ERP, MES, IIoT, cloud platforms, and third-party supply chain applications.
- Detects abnormal application and API behaviour using AI behavioural analysis and AI based threat detections rather than static rules alone.
- Maintain application availability during Layer 7 DDoS attacks targeting production, inventory, and ordering systems.
- Reduce supply chain risk by improving visibility across applications, APIs, and connected digital services with real time API discovery and runtime protection.
Cloud WAAP for Supply Chain and Logistics Systems
Because a single compromised vendor can cascade across hundreds of downstream manufacturers, protection has to extend beyond the factory’s own applications to the connective tissue between partners. A cloud WAAP for supply chain logistics secures the supplier portals, logistics SaaS integrations, ordering APIs, and third-party connections that attackers increasingly use as an entry point.
Delivered from the cloud, this model scales elastically with traffic spikes, protects distributed and multi-cloud environments without hardware, and gives security teams a single real-time view of API and application risk across the entire supplier ecosystem. exactly the continuous visibility that IEC 62443, NIST 800-82, and CERT-In’s 2026 guidance now expect.
Choosing the Best WAAP for Manufacturing Infrastructure
Not every WAAP is built for the realities of a factory floor. When evaluating the best WAAP for manufacturing infrastructure, prioritise a platform that can:
- Discover shadow, zombie, and legacy-connected APIs continuously not through periodic scans.
- Protect legacy and VPN-accessed applications that cannot be patched without downtime, using virtual patching.
- Deploy across cloud, multi-cloud, on-premise, and Kubernetes environments common in manufacturing IT stacks.
- Manage bots and credential-stuffing attacks against supplier and ordering portals.
- Absorb Layer 7 DDoS without impacting production, inventory, or ordering systems.
- Deliver sub-millisecond decisioning so protection never adds latency to time-sensitive operations.
- Offer self-serve or fully managed operation, so teams without a large SOC can still run enterprise WAAP for the manufacturing industry.
A platform that meets these criteria functions as a true manufacturing application security platform securing modern and legacy systems together, rather than bolting API and bot defences onto a perimeter tool that was never designed for connected production environments.
How Prophaze Is Redefining Security for Smart Manufacturing
Manufacturers are facing a threat landscape shaped by AI-accelerated attacks, expanding IIoT footprints, and deeply interconnected supplier ecosystems, often without the dedicated security resources of larger enterprises in other sectors.
Prophaze addresses these challenges through a unified, AI-native WAAP solution for manufacturing that supports cloud, multi-cloud, on-premise, and Kubernetes environments. As a manufacturing application security platform. It delivers,
- AI Threat Detection Engine - Blocks advanced attacks using real-time behavioral analysis.
- Runtime API Discovery - Finds shadow, zombie, and legacy-connected APIs across systems.
- Continuous Learning Model - Automatically adapts to evolving threats without rule updates.
- Automated Zero-Config Protection - Stops zero-days, bot abuse, and API attacks instantly.
- Behavioral Profiling - Detects abnormal activity by learning normal system behavior.
- Kubernetes-Native Architecture - Ensures scalable protection across hybrid environments.
- Self-Serve or Fully Managed - Flexible deployment based on operational needs.
- Sub-Millisecond Decisioning - Protects production systems without latency impact.
Proven in Manufacturing
One leading cement manufacturer deployed Prophaze WAAP to protect more than 200 legacy and VPN-accessed applications from sustained application-layer attacks without disrupting production operations.
Real-world Results
- 180M+ malicious requests blocked
- 12.5 Gbps peak Layer 7 attack traffic absorbed
- 100% production and operational uptime maintained
See how a leading cement manufacturer protected 200+ legacy applications while maintaining 100% operational uptime.
Read the full manufacturing case study →
As manufacturers continue to digitise operations, securing applications and APIs is no longer optional. Prophaze helps organisations stay resilient against evolving threats without compromising the availability of business-critical production systems.
- Can You Afford the Next Production Outage?
Every connected application, API, and supplier integration expands your manufacturing attack surface. The question isn’t whether attackers will target them,it’s whether you’ll detect and stop them before production is affected. Prophaze helps manufacturers secure modern applications and legacy systems with AI-native WAAP built for today’s smart factories.
Frequently Asked Questions (FAQ)
1. What is a WAAP solution for manufacturing?
A WAAP solution for manufacturing is a Web Application and API Protection platform that combines a web application firewall, API security, bot management, and runtime threat detection into one layer. It protects the applications, APIs, supplier portals, and connected systems that run smart factories addressing the shadow APIs and automated bot traffic that legacy firewalls were not designed to inspect.
2. Why is manufacturing the most targeted sector for cyberattacks?
Manufacturers depend on continuous uptime, and downtime is extremely costly, giving ransomware groups strong leverage. Legacy OT systems, expanding IIoT footprints, and complex supplier ecosystems further widen the attack surface. Which is why manufacturing was the most-attacked sector for the fourth year running in the IBM X-Force Threat Intelligence Index 2026.
3. How is AI changing cyberattacks against manufacturers?
Threat actors are using AI to power more convincing phishing campaigns, adaptive malware that evades detection, and automated reconnaissance that maps supplier ecosystems in minutes instead of months compressing the time defenders have to respond.
4. What is WAAP and why does it matter for smart factories?
WAAP (Web Application and API Protection) unifies a web application firewall, API security, and bot management. WAAP for smart factories matters because factories now run on APIs connecting ERP, MES, and IIoT systems, plus web-facing portals that legacy firewalls can’t fully inspect.
5. Do manufacturers need a cloud WAAP for supply chain and logistics?
Yes. Because a single compromised supplier or logistics SaaS provider can cascade across an entire manufacturing network, a cloud WAAP for supply chain logistics protects supplier portals, ordering APIs, and third-party integrations while scaling elastically without added hardware.