
ISO 9001:2026 and the gap between written procedures and the shop floor
ISO 9001:2026 lands this autumn, but the real audit risk isn't the new clauses: it's documented procedures that no longer match how the work is actually done on the floor.
In January we mapped the factory's dark data: the shop-floor videos, the machine logs, the procedures no one ever wrote down. That invisible asset has a flip side. In 2024 roughly a quarter of all cyberattacks aimed at manufacturing worldwide hit Italian companies, a concentration out of all proportion to the country's economic weight (Rapporto Clusit 2025, Clusit). In the same year manufacturing was the sector most targeted by ransomware in Italy, with 46 of the 198 incidents recorded by the National Cybersecurity Agency (Relazione annuale 2024, ACN). The very data that makes a factory competitive also exposes it. It is an asset and, at the same time, a liability.
The figures describe a trajectory, not an isolated incident. In Italy manufacturing was one of the two most-hit sectors in 2024, with about 16% of the serious incidents recorded, and it stayed the second sector in 2025 at 12.6% (Rapporto Clusit 2025 and 2026, Clusit). The national picture worsened in parallel: in 2025 Italy logged 507 serious attacks, 42% more than the year before, equal to 9.6% of incidents worldwide (Rapporto Clusit 2026, Clusit). The concentration remains the most anomalous element. If in 2024 roughly a quarter of the world's attacks on manufacturing struck Italian firms, in 2025 that share fell back to around 16%, still far above the country's relative industrial weight (Clusit, 2026).
On top of this pressure comes the nature of the threat. Ransomware, locking systems to extort a ransom, is the dominant technique against Italian industry, and it hits small and medium-sized enterprises above all, involved in 75% of the recorded events (Relazione annuale 2024, ACN). For a factory this means something precise: the risk is neither abstract nor reserved for large multinationals, but bears on the production continuity of companies that rarely have a structured security function.

The exposure is not random, and this is where it pays to stop and reason about causes rather than headlines. Manufacturing has become a preferred target for three converging reasons, and none of the three is solved by buying a firewall.
The first is the widening attack surface. The convergence of IT and factory networks, connected machines, sensors and data-collection systems has multiplied the points of entry just as the plant became more intelligent: every new data flow is also a new door. The second is the value of what the factory holds, namely intellectual property, process parameters, bills of materials, know-how worth years of competitive advantage, alongside operators' personal data. For an attacker, halting that production or stealing that knowledge carries a credible ransom price, and this makes industry an economically rational target, not an occasional one.
The third reason is the most structural, and it bears directly on the Italian industrial fabric. The small and medium-sized enterprises that compose it often digitalise faster than they can govern what they digitalise: they connect before putting things in order, and order arrives, when it arrives, after the incident. It is in this gap between the speed of connection and the slowness of governance that the space for an attack concretely opens.
The factor that ties these three elements together is less visible than the attacks, but it is the one a Production Director actually has leverage over. Most operational knowledge today is ungoverned by default. It lives in the heads of the most experienced operators, on personal phones, in shared folders with no logic, in videos recorded and never catalogued, in PDFs no one has updated. It is exactly the Physical Data Gap we have been describing all along, seen this time from the risk side.
An asset in this state is doubly weak. On the competitive side it is the cost we know: when a senior technician leaves, their method leaves with them, and the learning curve starts over. On the security side, dispersed knowledge is not only hard to transfer, it is also impossible to protect, because you cannot control access, track versions or contain a data exposure you do not even know the location of. What is not structured is not governable, and what is not governable, in a connected factory, becomes a liability.
Onto this scenario lands a regulatory change that moves data governance from good practice to legal obligation. The European NIS2 directive was transposed in Italy through Legislative Decree 138/2024, which assigns the ACN the role of national competent authority (NIS, La normativa, ACN). Its scope for industry has to be read precisely, because approximations are costly here. Not all of manufacturing falls within the perimeter, but the sectors that define Italian industry do: manufacture of machinery, of motor vehicles, of medical devices, of computers and electronic products and of electrical equipment, along with chemicals and food. Within these sectors the obligation applies to medium and large entities, from a threshold of 50 employees or 10 million euro in turnover.
Two aspects make the rule different from earlier compliance duties. The decree places responsibility for adopting and maintaining the measures directly on administrative and management bodies, with a sanctioning regime the directive scales to worldwide turnover. And the timing is tight: the obligations to notify significant incidents are operational from the start of 2026, while baseline security measures must be fully implemented, with demonstrable evidence, by autumn 2026 (NIS, La normativa, ACN). Compliance, in other words, is not a matter of formal fulfilment alone: it presupposes knowing which data and which processes you have, where they reside and who accesses them.

The conclusion that does not hold is the most immediate one, namely slowing digitalisation to reduce exposure. The data refutes it: less digitalised factories are hit just the same, and the competitive cost of standing still, in a market that moves, is higher than the cost of the risk. The right direction is not less digitalisation, but governed digitalisation.
The difference between an asset and a liability, for a factory's data, lies entirely in its governability: structured, versioned, access-controlled knowledge is at once more productive and more defensible than dispersed knowledge. It is the same property that creates competitive value and reduces the risk surface, and that is what makes data governance an industrial choice before a technical one. It is not an organisational detail, it is how a company decides how much of its own value to leave exposed.
This is the point where the problem of operational continuity and that of security find the same answer. Structuring shop-floor knowledge, turning the video of an operation into a versioned, traceable standard procedure, is exactly what Procedo's Instant SOP Generator does: it brings the factory's submerged asset into an ordered, updatable, governable form. It is not a cybersecurity measure, and it does not replace the defences NIS2 requires, but it is the precondition that makes them possible, because you cannot protect what you have not first put in order.
For whoever runs a plant, then, the strategic question is no longer only how much the knowledge the factory produces is worth, but how much of that knowledge is today in a form that can be governed. It is on that answer that the company's competitiveness and resilience are decided together.
