What is OT/IT convergence and why does it matter for manufacturing security?

OT/IT convergence refers to the increasing connection between operational technology (PLCs, SCADA systems, industrial control systems) and corporate IT networks. As factories connect production equipment to ERP systems, supply chain portals, and remote monitoring services, the attack surface expands significantly. A ransomware infection on an office workstation can now spread to production floor controllers, halting manufacturing. Proper network segmentation between OT and IT environments is the primary control.

Why is manufacturing the most targeted sector for ransomware?

Attackers target manufacturers because production downtime creates enormous financial pressure to pay quickly — estimated at £22,000 per hour for some facilities. Manufacturing firms often run legacy systems with limited patching, have complex supply chain connections that create entry points, and hold commercially sensitive IP. The combination of financial pressure, legacy infrastructure, and complex networks makes manufacturers highly attractive targets.

Do I need Cyber Essentials for government or defence contracts?

Cyber Essentials certification is mandatory for all UK government contracts involving sensitive data or networks. In defence manufacturing, the MOD requires Cyber Essentials Plus for contracts with defence prime contractors. Automotive and aerospace supply chains increasingly mandate CE+ through customer security requirements. AMVIA guides manufacturers through CE and CE+ certification as part of supply chain compliance programmes.

How do I secure production systems without disrupting operations?

Securing OT environments requires a non-disruptive approach — passive network monitoring, vulnerability assessment without active scanning of sensitive ICS devices, and change-controlled patching aligned to maintenance windows. AMVIA works around production schedules, prioritising network segmentation and monitoring over changes that could affect system availability. Our OT security approach focuses on visibility and containment first.

What backup strategy protects manufacturing ERP systems?

Manufacturing ERP systems should be backed up daily with at least one immutable, offsite copy not accessible from the production network. Backups must be tested for restoration — not just verified as written — with documented recovery time objectives. Production configuration backups for PLCs and SCADA systems should also be maintained and tested separately. AMVIA provides backup monitoring and tested recovery procedures for manufacturing IT environments.

Manufacturing IT

Cybersecurity & IT Services for UK Manufacturing

Manufacturing businesses face a convergence of IT and operational technology (OT) risks — from ransomware targeting production systems to supply chain attacks. AMVIA helps UK manufacturers protect both office IT and operational environments without disrupting production.

View Cybersecurity Services

Cyber Essentials Plus

ISO 27001

OT/IT Specialist

Cybersecurity Risk in UK Manufacturing

#1Most targeted sector for ransomware in UK

Manufacturing has become the most frequently targeted sector for ransomware attacks — attackers understand that production downtime creates enormous financial pressure to pay.

OT/ITConvergence creates new attack surface

As operational technology connects to corporate networks and the internet, the attack surface expands significantly. Legacy OT systems often lack modern security controls.

£22KAverage cost of manufacturing downtime per hour

Production downtime is among the most costly business disruptions. A single day of unplanned outage following a cyber attack can exceed the annual cost of managed security.

OT/IT Security Convergence in Manufacturing

Traditional manufacturing security treated operational technology (PLCs, SCADA systems, industrial control systems) as isolated from corporate IT. This separation no longer holds in modern factories, where production systems connect to ERP platforms, supply chain portals, and remote monitoring services. This convergence creates security risks that neither standard IT security nor traditional OT security tools fully address on their own. AMVIA works with UK manufacturers to assess and secure the full environment — from office workstations to production floor controllers — using a pragmatic approach that prioritises availability alongside protection.

IT & Security Services for Manufacturers

Protecting production environments, corporate networks, and supply chain connections — while keeping operations running.

OT/IT Network Segmentation

Properly segmenting production networks from corporate IT reduces the risk of ransomware spreading from an office workstation to manufacturing control systems.

Production System Backup & Recovery

Immutable backups of ERP systems, production configurations, and business data — with tested recovery procedures to minimise production downtime following an incident.

24/7 Threat Monitoring

Continuous monitoring of network traffic and endpoint activity, with alerts tuned to manufacturing environments. Threats detected before they reach production systems.

Cyber Essentials for Supply Chain

Cyber Essentials and CE+ certification helps manufacturers meet customer and prime contractor security requirements — increasingly mandatory in automotive, aerospace, and defence supply chains.

ERP & Microsoft 365 Security

Securing access to ERP platforms and cloud services with MFA, Conditional Access, and DLP policies — protecting commercially sensitive production data and customer information.

Managed Connectivity & Resilience

Dedicated leased lines and resilient connectivity for factories requiring reliable, high-throughput connections to cloud services and remote sites.

Manufacturing Cybersecurity Checklist

Key technical controls for UK manufacturers — aligned to NCSC guidance on OT/IT security and common supply chain requirements.

OT and IT networks segmented

Production systems on a separate, firewalled network segment. Traffic between OT and IT monitored and controlled.

Remote access to OT systems secured

Any remote access to production systems via MFA-protected, dedicated access solutions — not general VPN.

Asset inventory complete

All IP-connected devices — including OT/ICS equipment — documented in an asset register. Undiscovered devices are unprotected devices.

ERP and business system backups tested

Regular backup testing for ERP, production databases, and configuration backups. Recovery time objectives validated.

Supply chain security requirements met

Cyber Essentials or CE+ certification in place where required by customers, primes, or procurement frameworks.

Patch management applied to office IT

Office workstations and servers patched within 14 days. OT patching assessed for compatibility and applied to a maintenance schedule.

Frequently Asked Questions

Book a Manufacturing IT & Cybersecurity Review

AMVIA's team will assess your office IT and OT environment, identify key vulnerabilities, and provide a practical remediation roadmap that works around production schedules.

Related Resources

Pillar Guide

The Complete UK Cybersecurity Guide

Core cybersecurity principles and controls — applicable to manufacturing businesses of all sizes.

Certification

Cyber Essentials Certification

How CE+ certification meets customer and prime contractor security obligations in UK manufacturing supply chains.

Managed IT

Managed IT Services for Manufacturing

End-to-end IT management for UK manufacturers — covering both office infrastructure and production environments.

Comparison

Cyber Essentials vs Cyber Essentials Plus

Which certification level is required for government, defence, and automotive supply chain contracts?

Comparison

MDR vs EDR for Manufacturing

Why manufacturers need 24/7 managed detection and response to protect both IT and OT environments.