Manufacturing Cybersecurity FAQ: Common Questions from UK Manufacturers

Manufacturing cybersecurity generates consistent questions — from operations directors unfamiliar with OT security concepts, to IT managers uncertain about how to secure legacy production systems, to procurement teams navigating supply chain security requirements. This FAQ addresses the most common questions from UK manufacturers.

Manufacturing is the most ransomware-targeted sector in the UK — and most manufacturers have significant unaddressed security gaps that could be closed with basic controls.

Frequently Asked Questions

Do we need Cyber Essentials if we are a small manufacturer?

If your company supplies to the UK government, MOD, or large manufacturers who require it in their supply chain, then yes — Cyber Essentials is a contractual requirement. Even if it is not currently required, the NCSC recommends Cyber Essentials as a baseline for all UK organisations. For manufacturers, it also provides evidence for cyber insurance applications and supply chain qualification processes. The cost (typically £300–£500 for assessment) is negligible relative to the risk it addresses.

Can we secure our OT systems without taking production offline?

Yes — most OT security controls can be implemented without production downtime. Passive network discovery, network monitoring, and firewall rule analysis can all be conducted without touching production systems. Network segmentation changes should be made in planned maintenance windows but do not require production shutdowns. Endpoint security for engineering workstations and corporate IT (which bridges IT and OT) can be deployed during normal operations. The key is planning the changes carefully, testing in a lab environment where possible, and scheduling production-facing changes during planned maintenance.

What should we do if ransomware hits our production systems?

Immediately: assess production safety (can production continue safely, should it switch to manual, or should it be safely shut down?). Do not power off systems — preserve forensic evidence. Isolate affected systems from the network. Activate your manual downtime procedures. Contact the NCSC (0300 020 0973). Engage your incident response provider. Do not pay the ransom without law enforcement and legal advice. Begin ICO notification assessment if any personal data was involved. Notify your cyber insurer.

How do we handle security patches for systems we cannot easily update?

Where systems cannot be patched on a standard cycle (typically because of validation requirements, OEM restrictions, or operational constraints), the approach is: document the risk formally; implement compensating controls (network segmentation to limit attack surface, application whitelisting if supported, enhanced monitoring); engage the OEM about their patch roadmap and migration path; plan a structured upgrade programme with budget and timeline; and include the unpatched systems in your annual penetration test scope to understand actual exploitability. Never simply ignore the risk — document the decision and the compensating controls.

What is TISAX and do we need it?

TISAX (Trusted Information Security Assessment Exchange) is the automotive industry's information security assessment framework. It is required by all major European OEMs (BMW, VW, Mercedes, Stellantis, and others) for suppliers handling sensitive information — prototype data, engineering drawings, personal vehicle data, or manufacturing process information. If you supply to these OEMs or aspire to do so, TISAX certification is effectively mandatory. TISAX assessments are conducted by VDA-accredited assessment service providers, and results are shared through the ENX portal so multiple OEMs can access your assessment result without requiring duplicate assessments.

Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
