March 01, 2023

How Modern Manufacturing Plants Can Protect Against Ransomware, Cyberattacks

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

To help protect against criminal ransomware and cyberattacks, modern manufacturing plants should ensure they have reasonable physical, administrative, and technical safeguards in place.

Manufacturing plants in the 21st century utilize multiple computerized operating systems to help collect, analyze, and store data. These systems physically control much of the machinery and production in their facilities. The sophisticated interplay of these systems and components have helped drive productivity and profitability for manufacturers. But this integration has also made manufacturers more vulnerable to ransomware and cyberattacks.

According to a report by the National Association of Manufacturers, the manufacturing industry accounted for the majority of ransomware incidents in 2021. Other reports saw an increase in attacks targeting manufacturing in 2022, with up to 75 percent of attacks targeting the manufacturing sector. Another troubling statistic: more than half of affected manufacturers were not able to restore from data backups.

Anatomy of a Cyberattack Against Manufacturers

A manufacturing company, like most companies, probably would not know it has been hit by a ransomware attack until its systems, including the entire manufacturing floor, are shut down and inaccessible. In many instances, the company's entire operations grind to a halt. With modern just-in-time delivery systems the norm in manufacturing, even a shutdown of a few days can be devastating, especially where affected plants are the only source of a key part or product. The threat actors know the company will be losing significant sums of money, and risk losing customers, every day of a shutdown — and they will use this to force a ransom payment.

Even when a company pays the ransom, however, there is no guarantee the company will be able to quickly resume operations. Often, getting a manufacturer's systems up and running again can take days or weeks. Some systems may even be unrecoverable and would need to be replaced entirely.

Importance of Data Backups

Viable data backups are critical in allowing a manufacturer to quickly rebuild and resume operations following a cyberattack. Therefore, one of the first moves typically undertaken by a threat actor is to delete any on-site backups. For the best protection, manufacturers should consider offsite or cloud-based backup solutions as part of their overall data backup strategy. Offsite backups can help manufacturers quickly restore data in the event of a cyberattack.

Another important component to data backups is regular testing to ensure that backups are viable and restored systems function normally.

Legacy Systems

Some manufacturers still employ legacy systems that cannot be backed up. These might include custom systems that were built by employees no longer with the company or by vendors that have gone out of business. These systems may run on older, unsupported operating systems or hardware. For manufacturers with such systems in place, a cyberattack can cause a complete business disruption until replacement systems can be found.

Legacy systems that cannot be backed up should be replaced or be protected with additional security measures.

Assessing Manufacturing Executive Systems

MES, or manufacturing executive systems, are the nerve center of modern manufacturing operations. The MES monitors, tracks, documents, and controls the process of manufacturing from raw materials to finished products. The data stored in the MES also may be integrated with other mission-critical systems, such as process control systems.

Important issues to consider:

  • Whether all MES components are backed up as images or only certain configuration and database files
  • How quickly can the MES be restored in the event of an incident
  • If on-site backups are deleted or unavailable, is the MES backed up elsewhere
  • Does the company have a recent disaster recovery policy, data backup policy, and incident response plan in place
  • Do these policies and procedures address backup and restoration of the MES
  • How often are these policies and procedures reviewed and tested


A company's policies and procedures can help protect against business interruption from cyberattacks. Redundant and regularly tested data backups, including offsite backups, are critical to surviving these attacks and getting up and running quickly. Threat actors know that manufacturers will be desperate to restore operations in the event of an attack — making them more likely to pay the exorbitant ransoms. Therefore, it is important to assess and identify any security gaps before experiencing a cybersecurity incident.

Jackson Lewis attorneys have in-depth knowledge of the unique issues facing manufacturers and extensive experience responding to cyberattacks and helping companies ensure they have adequate physical, administrative, and technical safeguards in place. Contact a Jackson Lewis attorney for more information.

©2023 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Focused on labor and employment law since 1958, Jackson Lewis P.C.'s 950+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients' goals to emphasize inclusivity and respect for the contribution of every employee. For more information, visit

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Jackson Lewis P.C.

Trade Associations Urge Illinois High Court to Reconsider BIPA Decision in Cothron

By Nadine C. Abrahams Jackson Lewis P.C. March 13 , 2023

The Illinois Supreme Court’s decision that a separate claim under Illinois’ Biometric Information Privacy Act (BIPA) accrues each time an entity scans or transmits an individual’s biometric identifier or biometric information will lead to absurd and unjust results not intended by the Illinois General Assembly, Jackson Lewis argued in a friend-of-the-court brief filed on behalf of a coalition of trade associations representing the interests of thousands of Illinois businesses employing approximately 2.9 million individuals in Illinois.

Seattle Enacts First-of-Its-Kind Law Protecting Individuals Against Discrimination Based on Caste

By Samia M. Kirmani Jackson Lewis P.C. March 10 , 2023

The Seattle City Council passed a first-of-its-kind ordinance prohibiting discrimination based on caste in employment, housing, and public accommodation.

U.S. Supreme Court Declines to Consider Whether Bristol-Myers Applies to Collective Actions

By David R. Golder Jackson Lewis P.C. March 08 , 2023

The U.S. Supreme Court has declined to settle the circuit split on whether its 2017 decision in Bristol-Myers Squibb Co. v. Superior Court of Cal. applies to collective actions brought under the Fair Labor Standards Act (FLSA), 29 U.S.C. § 216(b).

More From Manufacturing

New UK Sanctions Package Would Target Russia's Arms Exports, Front-Line Resources

By Annabel Thomas Greenberg Traurig March 22 , 2023

The UK announced a further round of sanctions and trade measures on 24 February 2023 to coincide with the first anniversary of Russia’s invasion of Ukraine.

5 Trends to Watch: 2023 Retail

By Warren J. Karp Greenberg Traurig March 14 , 2023

The growth in private-label brands is expected to continue in 2023 and the coming years.

Is a business required to include an 'opt out of targeted advertising' link on its homepage (i.e., a Do Not Share link) if it recognizes opt-out preference signals?

By David A. Zetoony Greenberg Traurig March 13 , 2023

Three modern privacy statutes incorporate the concept that individuals should be able to broadcast a signal from their browser or device that directs an organization to cease providing their personal information to third parties for the purposes of targeted advertising.

Featured Stories