Operational resilience has become a critical consideration for manufacturers as production environments become more connected and dependent on digital systems.

Operational technology, business applications, suppliers, cloud platforms, and third-party service providers now form a tightly integrated ecosystem where a cyber incident, supplier compromise, or technology failure can have far-reaching consequences.

According to New Zealand's Cyber Security Strategy 2026-2030, cyber threats are now considered one of the country's most significant national security challenges. The Government estimates that New Zealanders lose more than $1.6 billion annually to cybercrime, primarily through cyber-enabled fraud, while 59% of large New Zealand businesses reported experiencing a cyber incident in the past year.

For manufacturers, the implications extend well beyond the loss of data. Cyber incidents can disrupt production systems, delay customer deliveries, compromise intellectual property, impact safety, and create significant reputational damage.

The New Zealand Government has recognised this growing risk. The Cyber Security Strategy identifies the protection of critical infrastructure and essential services as a national priority and notes that many organisations have not consistently managed cyber risk in line with leading practice. The Government has also announced plans to develop a regulatory framework to strengthen the cyber security of critical infrastructure operators and improve national resilience. Manufacturers should also be mindful of a rapidly evolving threat and regulatory landscape. The Strategy highlights four major trends affecting New Zealand organisations: the growing use of artificial intelligence by both defenders and attackers, increasing geopolitical cyber activity, more complex and vulnerable digital supply chains, and the growing capability and sophistication of cybercriminals. Perhaps most importantly, the report notes that cybercriminals continue to succeed because organisations fail to implement basic cyber security controls. Poor password practices, unpatched systems, weak configurations, and unmanaged third-party risks remain common entry points for attackers.

For manufacturing businesses, the message is clear: cyber security is no longer about protecting computers. It is about protecting production, maintaining customer trust, securing supply chains, and ensuring business continuity in an increasingly connected world.

Common Cyber Risks Facing Manufacturers

Some of the most common cyber security challenges we see within manufacturing environments include:

  • Ransomware disrupting production and operational systems.
  • Unsecured remote access into manufacturing equipment.
  • Third-party supplier breaches impacting operations.
  • Legacy systems that cannot easily be patched or upgraded.
  • Lack of visibility into critical assets and associated cyber risks.
  • Phishing and credential theft leading to unauthorised access.

The consequences can be significant. Beyond system downtime, organisations may face regulatory obligations, contractual penalties, loss of intellectual property, and damage to customer trust.

Standards and Frameworks Worth Knowing

Manufacturers do not need to start from scratch when improving cyber security. Several established frameworks provide practical guidance, including:

  • The CIS Critical Security Controls.
  • The NIST Cybersecurity Framework.
  • ISO 27001 Information Security Management.
  • IEC 62443 for industrial control and operational technology environments.

These frameworks help organisations prioritise investments and focus on controls that deliver measurable risk reduction.

Five Practical Actions You Can Take Today

Improving cyber security does not have to begin with a large technology investment. Start with these foundational steps:

1. Know What You Need to Protect

Create and maintain an inventory of critical systems, production assets, and key suppliers. You cannot effectively protect assets you do not know exist.

2. Strengthen Access Controls

Implement multi-factor authentication wherever possible and regularly review privileged accounts and remote access pathways.

3. Improve Patch and Vulnerability Management

Develop a process for identifying and addressing vulnerabilities, particularly for internet-facing systems and critical operational technology.

4. Assess Your Supply Chain Risk

Understand which suppliers have access to your systems, data, or production environments and ensure appropriate security requirements are in place.

5. Prepare for an Incident

Develop and test an incident response plan. Knowing who makes decisions, who to contact, and how to recover operations can significantly reduce the impact of an incident.

A Simple Manufacturing Cyber Security Checklist

Before the end of this month, ask yourself:

  • Do we know our most critical production systems?
  • Have we enabled multi-factor authentication for key accounts?
  • Do we understand our highest-risk suppliers?
  • Do we have a tested cyber incident response plan?
  • Can we confidently explain our top cyber risks to senior leadership?

If the answer to any of these questions is "no", they represent valuable opportunities to strengthen resilience.

Cyber security is no longer simply an IT issue. For manufacturers, it is an operational, financial, and business continuity issue.

Organisations that take practical, risk-based steps today will be significantly better positioned to withstand the threats of tomorrow.

Author: Aaron Gayton

Aaron is the founder of Overcyte. With deep domain knowledge in Industrial Control Systems (ICS) and Operational Technology (OT), Aaron has spent over 20 years helping mission critical organisations secure their infrastructure and their people.