IIOT and the manufacturing sector, what’s the risk?

Updated: Jun 7

Industrial Internet of Things (IIOT) is increasingly being adopted by the manufacturing sector in response to increasing demand for customisation, customer expectations and the global supply chain.


IIOT allows cost reduction, shorter time-to-market, mass customisation and improved safety.

  • CGI’s study reports that 62% of surveyed manufacturing enterprises are already executing digital transformation pilots and programs.

  • Bsquare’s annual IIoT maturity survey reports that 86% of manufacturers have already adopted IIoT solutions, and 84% of them find IIoT extremely effective.

So, IIOT is helping the manufacturing sector in a myriad of ways, but it also carries risks that firms which are quick to implement a solution might not be aware of.

  • Incorrect installation allowing security holes. This could be as simple as not changing the default passwords or not removing unnecessary user accounts that came pre-loaded.

  • Legacy systems still in place. Replacing an old system with IIOT might make sense, and even running the two alongside each other for a short while might be useful, but leaving a legacy system in place might open an organisation up to additional security risk if the legacy system is no longer being monitored or patched.

  • Larger attack surface. This means attackers have more systems in which they can try to find vulnerabilities. Considering that some IIOT still has weak or no cryptography or authentication and might be using software which is vulnerable to exploits, carrying out research into the security of IIOT is critical.

What can the sector do?


Do the fundamentals well:

  • Change all default passwords, enable 2FA wherever possible, and have strong access controls so that access is only given on a need-to-use basis. This includes programmes as well as people.

  • Consider regular vulnerability assessments to ensure that there are no obvious vulnerabilities that an attacker could use. This is key if your “real estate” changes regularly.

  • Get Cyber Essentials accreditation so you can demonstrate to your employees and supply chain that you are taking cyber resilience seriously.


Carry out your research:

  • What does the IIOT supplier do to maintain their own cyber security and that of their product? Share the National Cyber Security Centre’s device security principles for manufacturers and see which security mitigations they are including in their product.

  • Do they use 2FA, encryption, secure code repositories?

  • Do they have default passwords that can’t be changed?

Whether you use IIOT or not, the ECRC is here to help.

The ECRC is a policing-led, not-for-profit membership organisation which aims to increase cyber resilience among small and medium businesses in the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex, and Kent).


You can contact the Cyber Resilience Centre for guidance and support by e-mail at enquiries@ecrcentre.co.uk, or use our online booking system to make an appointment with one of our team.

We recommend that all businesses in the Eastern region consider joining the centre as a free core member. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.


Policing led - business focussed.


