Industrial machine in motion, reflecting the zero-trust approach in manufacturing where no access is assumed to be safe by default | DXC Technology Insights

Industry Spotlights | July 15, 2025

Who do you trust? In manufacturing, the answer is no one

Today’s factories are no longer isolated silos of machines. Manufacturing has become a hyperconnected ecosystem where IT and operational technology (OT) systems share data, AI automates decisions, digital twins simulate entire operations, and third-party devices plug directly into production lines.

These systems are built for efficiency, but they also introduce new risks to operational security.

If trust is misplaced or unverified at any point, the consequences can threaten worker safety, product quality and public welfare. And even minor lapses in trust can have severe consequences, as they can ripple through complex manufacturing environments.

Forget the drawbridge: The era of perimeter-based security is over

Traditional security models treated networks like moated castles—anyone or anything inside the perimeter was assumed safe. But as manufacturing environments have evolved, that assumption has become a liability.

To stay resilient, manufacturers are adopting zero trust: a security model that verifies every user, device and interaction—continuously.

In modern factories, IoT sensors monitor everything from pressure to temperature. AI decides when to trigger shutoffs. And cloud platforms manage global workflows. Every connection is a potential entry point, and attackers know it.

This approach isn’t theoretical. DXC is applying zero trust principles across its own enterprise, and for clients everywhere, improving security posture and business resilience.

Ground zero for ransomware

Manufacturing is now the most targeted industry for ransomware, accounting for up to 29% of reported attacks according to CheckPoint Research.

And this isn’t just about data loss. When OT systems are compromised, the impact is often physical and immediate. Think shutdowns, broken supply chains or even nationwide disruption.

With manufacturing systems underpinning everything from food and pharmaceuticals to energy and defense, the stakes couldn’t be higher. In an environment where uptime and safety are paramount, the only safe assumption is that everything—human or machine—can be compromised.

That’s where a zero trust approach comes in.

The importance—and fragility—of manufacturing

In April 2025 power outages across Spain and Portugal brought trains, hospitals and factories to a standstill. Though evidence does not indicate it was caused by a cyberattack, the incident underscored the real-world disruption a single point of failure can cause.

Zero trust: More than a cybersecurity framework

Zero trust starts with a simple principle: never trust, always verify. Every access request—whether from a person, machine or application—is assessed in real time against a set of dynamic criteria: Who? What? When? Where? Why? Which?

This is more than identity verification. It’s about understanding behavior, device health and context before granting any level of access.

In manufacturing, that goes beyond verifying people. Machines need identity too. Every system must enforce least-privilege access, allowing users and devices to do only what they’re authorized to do. And every action must be logged automatically, so teams can track who did what, when and why to support compliance and incident response.

For example, a programmable logic controller (PLC), which is a specialized computer for controlling automated processes and equipment, should only accept instructions from verified apps or authorized engineers.

Manufacturing needs a new security mindset

Despite rapid digital transformation involving cloud platforms, autonomous robotics, AI and IoT, many manufacturers still rely on outdated security models like flat networks, legacy PLCs and minimal access controls. These systems were designed for reliability, not resilience. Add the explosion of remote access tools and third-party integrations, and the attack surface has grown significantly.

Zero trust offers a practical blueprint for manufacturers. Here’s our advice for implementing a zero trust approach:

Authenticate at every layer for human users and machines alike
Enforce least privilege by explicitly authorizing each interaction
Micro-segment networks into isolated systems
Ensure offline resilience, using tools to securely sync offline-collected data
Audit everything to support compliance and rapid investigation.

Without this kind of robust approach in place, it can be challenging for organizations in manufacturing and other industries to have a clear picture of who has access to critical assets and data, and how they are using it.

As a result, companies can unnecessarily expose themselves to costly data breaches and other security incidents.

Beyond zero trust in manufacturing

Manufacturing isn’t the only industry grappling with the risks of converging physical and digital systems. Finance, healthcare and utilities—anywhere physical infrastructure meets digital control—face similar challenges.

Whether it’s hospital ventilators, power grids or payment terminals, the principle remains: when physical operations are controlled digitally, the potential impact of a breach becomes far more serious.

That’s why zero trust is gaining traction far beyond the factory floor. At DXC, we’re seeing cross-sector customers recognize that zero trust needs to be an enterprise-wide initiative.

With its deep experience in zero trust architecture and identity and access management, the DXC team is helping organizations embed zero trust into every layer of the enterprise—security, IT, operations and culture.

Abstract image symbolizing Zero Trust’s universal principle — verify everything — to protect critical systems across industries | DXC Technology Insights

The big picture

The core principle behind zero trust—verify everything, every time—is industry-agnostic. It applies whether you're protecting a smart factory, a hospital ward or a financial transaction.

And the good news is that DXC experts are there to guide organizations in different sectors on their zero trust journey to safeguard critical systems, improve visibility and ensure operational continuity.

DXC’s full range of security expertise includes deep experience in zero trust architecture and identity and access management, with over 450 million digital identities under management, along with world-class detection and response capabilities.