IT Brief UK - Technology news for CIOs & IT decision-makers
United Kingdom
Car factory assembly line stoppage robotic arms smoking cabinet
#
Data Protection
#
DR
#
Ransomware

Manufacturing downtime driven by failures, not cyber

Fri, 6th Mar 2026
Author image
By Sean Mitchell, Publisher

Manufacturers face downtime costs of up to USD $100,000 per hour. Operational failures-such as maintenance mistakes and network issues-were cited more often than cyberattacks as the main trigger for outages, according to research commissioned by backup and recovery supplier Macrium.

The study, conducted with research agency Newton X, surveyed 100 IT and operational technology decision-makers at mid-to-large manufacturers with at least 2,500 employees across the US, Canada and the UK. It examined approaches to system protection, backup and business continuity.

Macrium described the findings as evidence of a "recovery gap": an imbalance between spending on cybersecurity controls and the practical ability to restore systems and resume production after disruption. It warned that this gap can leave manufacturers exposed to frequent day-to-day failures that fall outside the headline risk of ransomware.

Causes Of Outages

Downtime appears common in the sector. Nearly three-quarters of manufacturers said they experience downtime at least annually.

Respondents also reported high financial exposure when systems go down. Almost half of North American manufacturers, and over a third in the UK, estimated losses exceeding USD $100,000 per hour.

Despite the attention on ransomware, cyberattacks accounted for 5% of the primary causes of downtime identified in the survey. Operational and environmental failures were cited more often.

Planned maintenance that goes wrong ranked as the most common cause at 18%. Configuration loss or change accounted for 16%, and network failures for another 16%.

The research highlighted a gap between prevention and recovery. More than half of manufacturers (55%) said they experienced a ransomware incident in the past year. Many of those incidents did not lead to extended production stoppages, the study suggests, because attacks were blocked or contained.

Recovery Timelines

Restoring production after an outage still takes time for many organisations. Three-quarters of manufacturers said it takes more than two hours to restore operations.

The report put the cost of that restoration window at more than USD $274,000, without breaking the figure down by geography or manufacturing type.

High-profile cyber incidents have shaped board-level attention. The report cited the ransomware disruption at Jaguar Land Rover as an example of how cyber-related downtime can shut down plants and affect supply chains.

Macrium CEO Dave Joyce said day-to-day causes of disruption are more routine than many security budgets might suggest.

"Cyber incidents tend to dominate news cycles, because when they do occur, they can be highly disruptive," Joyce said.

"But our research shows that, day to day, manufacturing downtime is far more likely to stem from routine operational failures and an inability to get things back on track smoothly and swiftly. Organisations that focus too heavily on prevention alone risk overlooking the recovery capabilities that ultimately determine how quickly production can resume-whether the cause of downtime is internal or external," he said.

Operational Discipline

The study positions backup and recovery as operational disciplines rather than narrow security controls. It also points to regular testing as key to recovery readiness, particularly as production systems and networks become more connected and complex.

Macrium argued that cybersecurity remains essential because cyber incidents can cause severe disruption. However, it warned that investment weighted heavily toward prevention can create blind spots when more frequent downtime stems from internal changes and routine work on production systems.

Joyce said resilience should not be treated solely as a cybersecurity concern.

"As manufacturing environments become more complex and interconnected, resilience can no longer be treated purely as a cybersecurity issue," he said. "Backup, recovery, and regular testing must be treated as core operational disciplines rather than secondary controls. The ability to recover quickly is ultimately what protects productivity, revenue, and customer trust when disruption inevitably occurs."

Macrium sells backup and disaster recovery products and provides controlled deployment tools. It said the findings point to a need for manufacturers to measure recovery speed and restoration performance alongside controls designed to prevent incidents.

Related stories
Rithum launches SupplyExplorer to speed supplier discovery
Sysdig report says cloud security shifts to machine speed
UK launches GBP £500m sovereign AI fund amid doubts
Accounting software faces AI rivals in bookkeeping shift
Supporting service providers with their global ambitions

Top stories

British Business Bank backs Episode 1 Fund IV with GBP £35M
Securitas names Alan Rae UK North & BAE Systems chief
BlackLine launches AI financial ops model for CFOs
RobCo unveils Alfie robot for variable factory work
Only 6% of UK firms would use AI time for advisory