In the manufacturing sector, the traditional boundary between "the network" and "the floor" has effectively dissolved. According to Trackforce's executive trends report, Cyber-Physical Security Convergence in Manufacturing, the manufacturing world is entering an era where operational uptime is inseparable from cybersecurity posture.
For cybersecurity professionals, this shift means that protecting data is no longer the sole objective; the new mandate is protecting operational continuity. When a breach can stop 60 trucks or spoil millions of dollars in perishable inventory, security is no longer an IT cost center—it is a business continuity control.
The report highlights that the risks of convergence extend far beyond the four walls of a single factory.
The "maturity mirage" is a significant threat for pure manufacturers. While many have addressed "low-hanging fruit" like basic firewalls, 85% to 90% of organizations still operate in IT and OT silos. This lack of coordination creates a critical lag during incidents, when security teams may not understand the physical impact of a digital anomaly until production has already halted.
Your "invisible" attack surface is expanding. The report notes that identity discipline must now extend to third-party contractors and visitors who access your partners' facilities. If a third-party manufacturer lacks standardized incident reporting or patrol verification, your supply chain resilience is built on a foundation of guesswork.
The five trends every CISO must watch through 2027
Trackforce identifies five predictive shifts that will define the next couple of years. Cybersecurity teams should be most mindful of these evolving "frontiers."
1. Segmentation as an uptime control: Network segmentation is moving from a technical recommendation to a business-linked control. The goal is no longer just "blocking traffic" but ensuring that a compromise in the corporate office cannot trigger a physical shutdown on the line.
2. Identity discipline for the "extended" workforce: Identity is the new perimeter, and in manufacturing, that perimeter includes thousands of non-employees. CISOs must watch for the expansion of Identity Threat Detection and Response (ITDR) to cover contractors, maintenance technicians, and temporary visitors who represent high-risk entry points into OT environments.
3. The "handoff" failure point: Convergence succeeds or fails at the handoffs between departments. Security teams should be mindful of the "ownership gap"; if a networked camera or an electronic gate fails, is it an IT problem, a physical security problem, or an operational maintenance issue?
4. Physical systems as cyber assets: Access control systems, video surveillance, and visitor management platforms are now networked cyber assets. Attackers are increasingly using these "physical" tools as entry points for lateral movement into the broader corporate network.
5. Resilience via automated communications: True resilience is defined by the ability to maintain continuity execution when normal communications fail. Watch for a shift toward automated, standardized reporting that provides "audit-ready" evidence for insurers and stakeholders during a crisis.
To stay ahead of these trends, manufacturing security teams must pivot and audit their physical "shadow IT": Identify every networked physical security device and treat it with the same vulnerability management rigor as a server.
Underwriters are raising the bar for "operational evidence." Security teams must ensure their security program produces time-stamped, photo-backed activity logs that prove controls are working in practice, not just on paper.
Teams must bridge the silos and force coordination between IT and the floor managers. Resilience is built on understanding the physical consequence of a digital alert before it becomes a headline.
Notes from the report:
-
Recent natural disasters and regional infrastructure outages reinforce that disruption often begins with communication breakdown, not malware. When employees are displaced or internet access is limited, plants struggle to confirm workforce availability, verify site status, and coordinate response across distributed facilities. Through 2027, manufacturers will invest more in degraded-mode procedures, crisis communications automation, and repeatable site-level process discipline.
-
Physical security systems continue to consolidate onto enterprise networks, which increases the importance of device posture, segmentation, and logging. As a result, platforms that standardize the human and facility layers and make them usable for investigations and response become a core input to resilience and safety outcomes rather than a side system.
Manufacturing was the most targeted industry in 2024 for a reason: the stakes are physical. As Trackforce's report concludes, the organizations that weather the next three years will be those that treat cyber-physical convergence not as a technical hurdle but as a strategic business advantage.
