From factory floors to frontlines: Why India's manufacturing boom is drawing cyber attackers

Earlier in June, ransomware group World Leaks claimed it had stolen more than 200,000 files from Tata Electronics and published samples on its dark web leak site. The cache allegedly included Apple manufacturing specifications, engineering drawings linked to Tesla's Project Highland, and employee passport copies. Tata Electronics acknowledged that it had detected "a cybersecurity incident on some of our systems" weeks earlier, saying operations remained unaffected, while Apple said it too was investigating.

A day after that, Bajaj Auto also disclosed that it had detected a ransomware attack affecting both the company and its wholly owned subsidiary, Bajaj Auto Technology Limited. It said cybersecurity teams had initiated containment measures and informed CERT-In, without indicating whether data had been compromised or production affected.

These incidents are not occurring in isolation. Last September, Jaguar Land Rover, owned by Tata Motors, was forced to suspend production across multiple plants after a cyberattack attributed to the Scattered Spider group disrupted operations and rippled through its supplier network. Months later, Tata Technologies also reported a ransomware attack.

Taken individually, these incidents may appear unrelated, but it is hard to ignore the pattern. As multinational companies diversify manufacturing and Indian firms move further up the value chain, they are not only producing more but also handling proprietary designs, research data and critical production systems for global customers. Industry executives say that evolution is making cybersecurity less about protecting corporate networks and more about safeguarding business continuity.

"Manufacturing has become one of the most targeted industries for cyberattacks globally," says Balaji Rao, Area Vice President, India & SAARC at Commvault. "Manufacturers serving global customers are increasingly expected to demonstrate resilience, not just security. The ability to recover quickly has become a competitive differentiator."

The trend is reflected in IBM's latest X-Force Threat Intelligence Index, which found that manufacturing remained the world's most targeted industry for cyberattacks for the fifth consecutive year, accounting for 27.7% of all incidents the company responded to in 2025. Ransomware attacks on manufacturing rose 58% year-over-year in 2025, with 1,060 manufacturing victims posted on leak sites, according to GuidePoint Security's GRIT Report 2026. In India specifically, Check Point's Manufacturing Threat Landscape 2025 report found that industrial manufacturing organisations faced up to 2,786 cyberattacks per week, with India ranking second globally for manufacturing attack volume after the United States.

Cyberattacks on manufacturers now carry consequences that extend well beyond data loss. A breach can halt production lines, delay deliveries, expose customer intellectual property and disrupt supplier commitments across multiple countries. Murali Rao, Partner and Cyber Security Leader at EY India, believes the sector has not kept pace with the evolving threat landscape. "The cyber threat actors find the Indian manufacturing industry an easy target given the lack of investments on enhancing the cyber posture in the industry," he says.

According to Rao, recent incidents have exposed gaps in operational technology (OT) visibility, supply-chain resilience and OT incident response. "The gaps in the cyber posture between the MNC and Indian driven industries is glaring and alarming," he says, adding that boards need to make cybersecurity leadership and investment a higher priority.

The new weak links

The growing concern stems from the way manufacturing itself has changed. Manufacturing operations today rely on interconnected ERP platforms, operational technology, cloud infrastructure, IoT devices, AI-enabled applications and supplier portals. While these systems improve efficiency and visibility, they also create a much larger attack surface.

"The speed of digitisation isn't the problem. The challenge is that business transformation often outpaces cyber resilience," says Commvault's Rao. He points to three recurring blind spots. The first is hidden dependencies. As manufacturers connect production systems with cloud platforms, supplier ecosystems and AI applications, disruptions in one environment can quickly cascade across production, logistics and customer commitments.

The second is AI governance. Manufacturers are increasingly deploying AI for product design, predictive maintenance, quality assurance and supply-chain optimisation, but many organisations have yet to build governance frameworks or resilience around those systems.

The third is recovery planning. "Many organisations know what they need to protect, but far fewer have defined their minimum viable company”, the minimum set of systems, identities, operational technology, applications and data required to safely restart manufacturing after an attack, he says.

According to Rohan Gupta, Vice President – Cloud, Security & DevOps at R Systems, citing industry estimates, India is now the second most targeted country globally for manufacturing cyberattacks, with manufacturers facing close to 2,800 attacks every week. He also says that the motivation behind attacks has also changed. Instead of simply locking systems for ransom, attackers are increasingly pursuing production data, OEM relationships, engineering designs and proprietary manufacturing processes because those assets hold long-term strategic value.

He adds that artificial intelligence is accelerating both sides of the equation. As manufacturers embed AI copilots and agents into production and enterprise systems, attackers are also using AI to identify and exploit vulnerabilities more quickly. As a result, "the window between 'we adopted this technology' and 'attackers found a way to exploit it' has gotten much shorter."

Recovery is becoming the real benchmark

Industry executives say the conversation is also changing inside boardrooms. Cybersecurity is increasingly being evaluated alongside manufacturing reliability, customer trust and operational continuity rather than as a standalone IT function.

Pooja Jamwal, Head of Corporate Development, Cyient DLM, which is an electronic manufacturing services (EMS) provider, says cybersecurity is now embedded in customer qualification and programme selection processes, with global customers demanding audited security frameworks, stronger data protection practices and greater visibility into manufacturing systems.

"Cybersecurity is no longer seen as an isolated IT function but is embedded into core business and operational strategy," she says. "It has a direct linkage to manufacturing reliability, on-time delivery, customer trust and regulatory compliance." That changing mindset also extends to incident response. "When a manufacturer's systems go down, the real metric is not how quickly data is restored but how quickly production can safely resume," says Commvault's Rao.

For manufacturers supplying global OEMs, he says, acceptable recovery windows are increasingly measured in hours rather than days because every disruption can ripple through supplier commitments and production schedules. This is pushing organisations towards what Commvault describes as "Resilience Operations", where companies continuously assess risks, validate whether critical systems can be recovered and prepare to keep essential operations running even during an attack.

Gupta believes that resilience also requires elevating cyber risk beyond the IT department. "When cyber sits in the IT department, it competes for budget with helpdesk tools and network upgrades. When it sits at the board level, it gets treated like what it actually is—a business risk that can take operations offline or expose an OEM's confidential IP," he says.

For companies supplying global customers, executives say the conversation is gradually shifting from preventing every attack to ensuring operations can recover quickly when one occurs. "Cybersecurity is no longer seen as an isolated IT function but is embedded into core business and operational strategy," says Cyient’s Jamwal. "It has a direct linkage to manufacturing reliability, on-time delivery, customer trust and regulatory compliance."