November 19, 2025  —  Lee Pender

Why cyber resilience — not just compliance — is critical for manufacturing OT environments


Your manufacturing environment might be compliant, but that doesn't mean it's protected against a cyberattack. Even compliant systems can fall victim to cybercrime. And the consequences can be devastating.

The SANS Institute sends a clear message in its 2025 State of ICS/OT Cybersecurity Survey: Regulatory compliance alone is no longer enough in operational technology (OT) environments. As regulatory mandates expand in scope and enforcement, organizations must demonstrate not just compliance but resilience, or the ability to withstand, recover from and continue operating through cyberattacks and other incidents that can result in downtime.

The survey data paints a concerning picture. Detection capabilities are improving, but manufacturers remain unprepared for operational disruption and prolonged recovery. According to ABB, downtime costs a median of $125,000 per hour and nearly 70% of companies experience unplanned outages at least monthly. The gap between detection and recovery now represents a significant business risk.

Acronis
Report
SANS Institute State of ICS/OT Security 2025

The resilience gap: Where most manufacturers fall short

The numbers from SANS Institute highlight a persistent resilience gap. More than 20% of industrial organizations experienced a cybersecurity incident in the past year. Of those:

  • 40% caused operational disruption.
  • Nearly 20% took over a month to remediate.
  • 3.2% took over a year to fully recover.

The survey indicates that manufacturers detect nearly half of incidents within 24 hours and contain 60% within 48 hours. Still, remediation remains painfully slow. The average incident takes days to fully resolve, with 22.2% requiring between two and seven days to restore operations.

This detection-to-recovery gap reveals a fundamental misunderstanding of what cyber resilience means. As the SANS Institute’s report notes, detection times have improved dramatically, but recovery capabilities have not kept pace. Organizations are investing heavily in detecting threats but struggle to bounce back when attacks succeed. It's the bouncing back that really counts for keeping systems up and running. Detection alone isn’t enough to ensure operational continuity.

The data around business continuity planning is even more alarming. While 66% of organizations maintain OT-specific backups and failover systems, only one-third test or simulate OT-specific recovery. Just 31.2% maintain site-level playbooks — both essential for proving recovery capabilities. Even more concerning, 8.5% report having no OT-specific resilience planning at all.

The consequences of inadequate resilience

Manufacturers who fail to address the resilience gap face consequences that extend far beyond regulatory fines.

Financial impact

With median downtime costs of $125,000 per hour, according to ABB, even a few days of disruption can result in catastrophic losses:

  • Three hours of downtime: $375,000.
  • Eight hours (one workday): $1 million.
  • One week: $5 million.

The SANS Institute’s survey data confirms these risks are materializing: 13.4% of incidents resulted in financial losses or data compromise.

Competitive disadvantage

Organizations that suffer prolonged outages face more than just financial damage. They lose customer trust, miss delivery commitments and lose market share to more resilient competitors. In today's globally connected supply chains, a single manufacturer's inability to recover quickly can cascade across entire industries.

Safety and regulatory consequences

The survey found that 7.5% of incidents created risks to physical safety, an unacceptable outcome in environments where compromised control systems can endanger human lives. Additionally, 26.1% of organizations subject to mandatory compliance requirements reported possible violations from audits or self-reports, with smaller compliance programs (2–10 facilities) feeling the impact most.

Despite all the frightening numbers, there is good news from the survey: Manufacturers who prioritize resilience demonstrate measurably better outcomes than those who don't. Regulated sites, which have mandatory compliance obligations for secure remote access, experienced roughly 50% fewer financial losses and safety impacts compared to unregulated peers. They didn't experience fewer incidents. They had better capabilities to contain and recover from them. For manufacturers, resilience must be the goal of cybersecurity measures.

Manufacturers can achieve resilience with Acronis Cyber Protect Local

Acronis Cyber Protect Local addresses the critical resilience gap in manufacturing OT environments by enabling rapid recovery from cyberattacks. While improving detection is important, the reality is that attacks will succeed. What matters most is how quickly organizations can recover and resume operations.

The platform offers one-click recovery that any local operator can initiate without IT expertise, transforming recovery times from days or weeks to mere minutes. This is especially critical in air-gapped or remote manufacturing environments where IT professionals cannot quickly reach the site.

As a natively integrated platform, Acronis Cyber Protect Local combines cybersecurity, data protection and disaster recovery in a single pane of glass. With Acronis Cyber Protect Local, manufacturers can achieve true cyber resilience and protect operational continuity, worker safety and business viability.

Download the SANS report to learn more.


About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses.