2026 Cybersecurity outlook: Manufacturing and industrial products

Legacy systems and sprawling vendor networks have made industrial products (including manufacturing, automotive, and aerospace) the new frontline in a high-stakes cyberwar. Operational technology (OT) and information technology (IT) are now deeply intertwined, expanding the attack surface and exposing organisations to new threats. Increased digitisation and connectivity within manufacturing and industrial sectors further elevate these cyber risks.

There’s been a surge of cyberattacks targeting OT environments, driven by espionage, sabotage, ransomware, and hacktivism. Our survey shows that the top cyber threat industrial products makers feel least prepared to address is attacks on connected products. Disruptions here can have widespread impacts on the organisation, the broader economy, and national security.

Meanwhile, many industrial manufacturers are grappling with budget cuts and talent shortages that force difficult decisions about cybersecurity investments. Only 25% are spending significantly more on proactive rather than reactive security measures, leaving many companies vulnerable to emerging threats.

Drawing on a subset of PwC’s 2026 Global Digital Trust Insights survey, this report captures the latest thinking from 816 global leaders in the industrial products industry, including aerospace and defence, automotive, business services, engineering and construction, and industrial manufacturing. It explores the critical threats they feel least prepared to face, the factors influencing security investment and decision-making, and the role emerging technologies like AI are playing in shaping their cybersecurity strategies in 2026 and beyond.

As industrial products companies modernise, attackers are adapting quickly, exploiting both technological gaps and organisational weaknesses. Understanding these dynamics is critical to shaping effective defences that go beyond traditional approaches, emphasising resilience, agility, and strategic investment.

• Legacy OT systems expand attack surfaces: OT environments often run on outdated systems that weren’t built with cybersecurity in mind. As these legacy OT assets become more connected and integrated with Industrial Internet of Things (IIOT) and robotics, they present growing attack surfaces that are difficult to secure. In 2024, for example, threat actors used unsophisticated methods to exploit vulnerabilities in US water systems, bringing the ongoing risks to critical infrastructure into focus.
• Cyber skills shortages exacerbate risks: Our survey revealed that the top threats in securing OT and/or IIoT for industrial organisations are gaps in OT skills and resources. In addition, insider threats and workforce immigration issues pose significant risks due to the sensitivity of certain roles and heavy reliance on global talent. Leaders report that AI is their top priority for addressing those cyber talent gaps. They also indicate that they plan to leverage managed services to fill gaps, with AI, cloud security and threat management as the top three priorities for cyber managed services.
• Budget constraints force tough trade-offs: As industrial companies undergo digital transformation by connecting OT and IT systems and adopting IIoT, their cyber risk landscape expands significantly. At the same time, rising cost pressures are forcing difficult decisions about where to allocate limited resources. Companies often should choose between investing in new technologies, such as AI and cloud security, and maintaining existing infrastructure or expanding cybersecurity staffing.
• Third-party risks threaten security: Industrial firms rely heavily on large vendor networks, including third-party suppliers and original equipment manufacturers, to support their OT environments. This reliance can create additional cybersecurity challenges, as these external partners may not consistently adhere to stringent security standards.

To keep pace with these evolving risks, industrial products organisations should make smart, focused investments that address critical OT vulnerabilities, boost workforce skills, and lean into cost-saving technologies and managed services.

1. Strengthen OT security and accountability: Create strong perimeters between IT and OT networks to prevent cross-contamination and lateral threat movement. Apply thorough IIoT and OT governance into your architecture strategy to gain end-to-end visibility and controls across distributed environments.
2. Explore options to fill expertise and capacity gaps: Determine if your business should adopt managed cyber services by developing an ROI-based managed services plan that maps technology, skills, and resource needs.
3. Leverage AI for cyber defence: Deploy AI-powered tools that enhance threat detection, automate routine tasks, and provide faster, clearer insights to security teams. Integrate AI-driven solutions across your security operations, from cloud security and endpoint protection to insider threat detection, allowing your teams to identify risks sooner and respond more effectively without overloading analysts.
4. Enhance third-party oversight: Strengthen governance through actionable KPIs that track performance in managing third-party, supply chain, legacy and cloud-based risks. Shift from point-in-time vendor assessments to continuous third-party risk monitoring. Expand third-party risk models to consider quantum capability in vendor environments and resilience to adversarial AI misuse.
5. Strengthen regulatory compliance programmes: Support compliance efforts by mapping cyber threat management to regulatory requirements. Implement structured, proactive compliance programmes. 
6. Identity fraud is on the rise: Exploitation of unsecured applications and weaknesses in identity management systems has fuelled an increase in fraud, especially with online healthcare accounts and incentive programmes like debit cards for preventative care. Our survey reflects this growing concern with payers and providers ranking data protection and trust, alongside security awareness training, among their top cybersecurity investment priorities for 2026.