Earlier this week, we published our analysis of the ESET manufacturing cyber security survey — the headline being that 78 per cent of UK manufacturers had been hit by a cyber incident in the past twelve months. Since then, additional reporting from Industrial Cyber, Cybersecurity Insiders, and other specialist outlets has surfaced data from the same ESET report that paints an even more alarming picture — particularly around the financial damage these attacks are causing.
The numbers are worse than we initially reported. And if you run a small business anywhere in a manufacturing supply chain, you need to understand what they mean.
The Losses Are Bigger Than First Reported
Our original article noted that over half of the most severe incidents resulted in losses exceeding £250,000. The fuller picture from the ESET report reveals that nearly one in five manufacturers suffered losses above £1 million from a single cyber incident. That is not a worst-case scenario quoted to frighten people — it is the lived experience of roughly 20 per cent of the companies surveyed.
When you break down what makes up these six- and seven-figure costs, the categories are painfully familiar to anyone who has dealt with a business crisis: lost revenue during production downtime, the cost of recovery and remediation, reputational damage that lingers long after systems are restored, and the expense of bringing in third-party investigators and support. For a large manufacturer, these costs are survivable. For a small business in their supply chain, any one of those categories could be terminal.
These Are Not Random, Isolated Attacks
Perhaps the most concerning new detail to emerge is the coordinated nature of these incidents. According to reporting from Cybersecurity Insiders, nearly eight in ten manufacturers faced multiple incidents occurring simultaneously, and in some cases, these attacks were traced back to the same criminal groups. This is not a case of bad luck striking twice — it is organised, targeted criminality designed to maximise disruption and financial gain.
For small businesses, this matters because coordinated attacks on your larger partners and customers create cascading disruption. When a manufacturer you supply is hit by simultaneous attacks across multiple systems, their recovery takes longer, their orders to you dry up faster, and the financial pressure on the entire chain intensifies.
AI-Powered Attacks Are Succeeding at an Alarming Rate
We noted in our original article that 46 per cent of respondents cited AI-enabled attacks as their top concern — ahead of phishing and ransomware. The additional data reveals why that concern is justified: AI-powered attacks now have a success rate of nearly 88 per cent.
That figure should give every business owner pause. It means that for every hundred AI-driven attack attempts, roughly 88 succeed. These are not the clumsy phishing emails of five years ago with obvious spelling mistakes and implausible scenarios. AI-generated attacks adapt in real time, identify system weaknesses automatically, and exploit them before traditional defences can respond. The old advice to "train your staff to spot suspicious emails" remains important, but it is no longer sufficient as a primary defence when the emails are virtually indistinguishable from legitimate correspondence.
The Expectation of Being Hit Again
One of the most telling new data points is forward-looking rather than retrospective. Forty-three per cent of respondents believe their organisation is likely to experience a cyber attack within the next twelve months, with that figure rising to 51 per cent among larger businesses. Even among smaller organisations, 39 per cent expect to be hit.
Think about what that means. Nearly half of UK manufacturers are going into the next year expecting to be attacked — and many of them have already experienced the financial devastation that follows. This is no longer a risk that businesses can dismiss as unlikely. The industry itself has accepted that attacks are a near-certainty.
What the Jaguar Land Rover Timeline Tells Us
When we wrote our original article, we referenced the JLR attack and its estimated £1.9 billion economic impact. Additional reporting has since filled in the timeline more precisely. The factory stoppage extended to four weeks, with full operational recovery taking six weeks in total. The fallout contributed to a 43.3 per cent drop in JLR's third-quarter wholesale volumes.
There is also a troubling governance angle. The Cyber Monitoring Centre warned that government intervention to support JLR's recovery sets a worrying precedent — the concern being that if manufacturers believe the government will step in to help after an attack, the incentive to invest in prevention is weakened. For small businesses, there will be no government bailout. You are on your own, which makes prevention not just sensible but existential.
Only Five Per Cent Escaped Unscathed
The ESET report makes one point with brutal clarity: only 5 per cent of organisations that experienced a cyber incident reported no business impact at all. That means 95 per cent suffered tangible consequences. Beyond the headline figures of revenue loss and supply chain disruption, more than a third of affected manufacturers reported lasting reputational damage — the kind that costs customers and contracts long after the technical incident is resolved.
The Budget Shift Is Happening — But Too Slowly
There is a glimmer of positive news in the data. Fifty-seven per cent of cyber security budgets are now allocated to preventative measures, and 63 per cent of organisations believe prevention is more cost-effective than reaction. But 21 per cent still favour a reactive approach — essentially choosing to deal with the consequences rather than invest in avoiding them.
For small businesses with limited budgets, the temptation to be reactive is understandable. But the mathematics are unforgiving. When the average severe incident costs six figures or more, and when 88 per cent of AI-driven attacks succeed, the question is not whether prevention is affordable — it is whether you can afford the alternative.
What This Means for Your Business
If you read our original article and took action, good — keep going. If you have not yet acted, the additional data makes the case even more urgent. Here is what has changed since our last article:
- The financial risk is higher than initially reported. Losses above £1 million are not rare outliers — they affect nearly one in five hit manufacturers.
- Attacks are coordinated, not random. Criminal groups are launching simultaneous, multi-vector attacks designed to overwhelm defences.
- AI is making attacks dramatically more effective. An 88 per cent success rate means your legacy defences are almost certainly insufficient.
- The industry expects to be hit again. If manufacturers themselves are planning for the next attack, so should you.
- There is no safety net. Government intervention for large firms sets a precedent that does not extend to SMBs.
Our IPInsights data continues to show that 72 per cent of attack traffic falls outside standard business hours. If your defences switch off when your staff go home, you are exposed during the exact window that attackers exploit most aggressively.
"The data is now unambiguous. Six-figure losses from cyber attacks are not exceptional — they are routine. Every business in a manufacturing supply chain needs to ask itself one question: can we survive what 95 per cent of hit manufacturers could not avoid?"
Read Our Full Analysis
This article is a follow-up to our comprehensive analysis published earlier this week. If you have not yet read it, start there for the full context, including our IPInsights attack-timing data and practical steps you can take today:
Find Out If Your Business Is Exposed
Our IPInsights threat intelligence service shows you exactly what attack traffic is targeting your network — and when. Don't wait for a six-figure loss to find out where your gaps are.
View pricing plans