By Dave Sample, Advantex Network Solutions.
The North East is one of the UK’s most important automotive and advanced manufacturing regions, built on precision engineering, supply chain discipline and the ability to deliver complex components at scale.
However, the market is changing quickly. Automotive supply chains are adapting to electrification, reshoring pressures and changing customer expectations. Many manufacturers are now looking beyond traditional automotive opportunities towards aerospace, rail, defence, energy and other high-value engineering markets.
Businesses making that move, cyber security is no longer just an internal IT issue. It is increasingly part of supplier assessment, tendering and customer trust. Cyber Essentials, and in many cases Cyber Essentials Plus, is one of the clearest ways for a manufacturer to demonstrate a recognised baseline of protection.
Cyber Security Is Now Part Of Supply Chain Trust
Manufacturers have always been judged on quality, delivery, cost, safety and reliability. Those measures still matter, but they are no longer enough on their own.
Today, manufacturers also hold and process sensitive digital information, including designs, production schedules, customer specifications, supplier information, remote access links and, in some cases, access into wider customer or partner systems. In defence, aerospace, rail and critical infrastructure, this information can be highly sensitive. That means a supplier’s cyber posture is now part of the customer’s risk profile.
Recent manufacturing incidents show why this matters. In 2025, Jaguar Land Rover suffered a major cyber attack that halted production and disrupted suppliers. Similar risks have been seen before, with Toyota suspending domestic factory operations in Japan after a supplier cyber incident, and Norsk Hydro switching some facilities to manual processes following ransomware.
Cyber risk now travels through the supply chain. If your business connects to a customer’s systems, holds their intellectual property or supports their production schedule, your controls become part of their risk profile.
Why This Matters To Manufacturers
A cyber incident is not just about losing access to email or files. It can affect production, delivery commitments, machine availability, customer confidence and cashflow.
This is particularly important where IT and OT environments meet. IT may include laptops, servers, Microsoft 365, ERP systems and file shares. OT may include CNC machines, PLCs, production lines, control systems, robotics, sensors and legacy equipment. These environments have different priorities and risk profiles.
On the shop floor, patching a production system can be far more complex than updating an office laptop. Some systems cannot be easily updated without supplier involvement, downtime, validation or production risk. Others may be running legacy operating systems because the machine or control software depends on it.
Separation between IT and OT is therefore critical. A well-designed environment should reduce the chance that an incident on the office network can spread into production systems. That means controlling routes between environments, restricting access, monitoring traffic, and making sure remote access is secure.
Cyber Essentials helps establish this baseline. It encourages organisations to understand their scope, manage devices, control access, secure internet-facing services, apply security updates and remove unnecessary exposure.
Cyber Essentials Is Not Just A Tick-Box Exercise
One of the biggest misconceptions about Cyber Essentials is that it is simply a certificate to obtain once a year. In reality, the assessment is a snapshot of how security looks at that point in time. The real value comes when the controls become part of day-to-day operations.
Cyber security is no longer solely the responsibility of IT. It touches finance, operations, HR, engineering, procurement, sales and senior leadership. It affects how users access systems, how suppliers are onboarded, how devices are managed, how remote access is granted, and how exceptions are recorded.
Regular patching is essential, but on its own it is not enough. Patching reduces known risk, but it does not always reveal what is exposed, misconfigured, unsupported, forgotten or vulnerable in practice. Businesses moving towards Cyber Essentials Plus, vulnerability scanning should be considered as part of the wider security programme.
Cyber Essentials And Diversification
Manufacturers seeking to diversify into new sectors, Cyber Essentials is a practical commercial enabler. In defence, cyber assurance requirements are increasingly formalised, with obligations that can flow down through the supply chain. In aerospace, rail and energy, buyers are also focused on supplier resilience and protecting data, designs and delivery schedules from avoidable cyber weaknesses.
This changes the role of cyber security in manufacturing. It becomes part of the business development toolkit. Certification does not guarantee contract success, but it can remove a barrier, strengthen a tender response and give customers greater confidence.
A Practical Next Step
Cyber Essentials should be viewed as a practical step towards building confidence with customers, protecting production, and supporting diversification.
Advantex can support manufacturers from initial gap analysis and scoping through to remediation, certification support and ongoing improvement, including advice around IT and OT separation, vulnerability scanning, secure configuration, user access, patch management and wider operational controls.
To explore your options, contact Advantex at sales@advantex.uk.com or call 0345 222 0666.
