The Year in Cybersecurity: AI, CMMC, and Lessons From 2025’s Top Attacks

For manufacturers and suppliers, especially those in the Defense Industrial Base, cybersecurity in 2025 was all about understanding new threats and responsibilities.

Major attacks on large international companies disrupted business operations, caused substantial financial losses, and offered stark lessons to any business executives not prioritizing defense against cyber criminals. “They’re essentially trying to destroy your business,” the chairman of British retailer Marks & Spencer warned after an attack forced the suspension of online shopping operations.

Defense industry contractors in 2025 got their own reality check when the Department of Defense (DOD) finalized implementation of its Cybersecurity Maturity Model Certification (CMMC) requirements. Attention, suppliers: CMMC is now officially on the books, and, as of Nov. 10, may be a contract requirement.   

As 2025 concludes and manufacturers look ahead to 2026, Michael Tanji, director of cybersecurity for MxD, shared insights on the current cybersecurity landscape.

The top trend? “It’s hard to argue with the impact AI has had across pretty much every industry,” Tanji said. “Like anything sufficiently hyped though, it’s important to keep things in perspective. AI has not been the job-stealing boogeyman that people thought it would be (like the Internet before it, and computers before it, etc.), and its successes in any company greatly depend on doing a lot of leg work first.”

The top attack? “I think it’s a tie between Asahi Brewing [which was hit with a massive cyber breach in September] and Jaguar Land Rover [the target in what’s being called the most expensive security breach in British history],” Tanji added.

“Both attacks have had a direct, extended impact on production resulting in direct losses of hundreds of millions of dollars,” he said. “In the case of JLR the economic impact was felt on a national level, namely the British gross domestic product.”

“I don’t know what the cybersecurity capabilities of either company were, but the obvious lesson is that victims come in all sizes,” Tanji noted. “This isn’t the time to go full nihilist about cybersecurity, but it is time to think about things you can or should be able to control, like how quickly and effectively you respond to an attack.”

As manufacturers do that thinking, here are “MxD’s 5 Cybersecurity Trends of the Year”:

AI for good and evil — Artificial intelligence is giving criminals a leg up by creating more enticing phishing emails and writing better malware code. But AI can be a hero, too. It can be used to detect phishing attempts, scan for system weaknesses, and automate threat responses. “As quickly as the bad guys can apply AI to a project, good guys can respond,” said Tanji.

Major attacks — As noted, cyberattacks paralyzed several UK companies, including Marks & Spencer, where a disruption caused a $400 million loss of profit, and Jaguar Land Rover, which was forced to shut down production for weeks. While those high-profile incidents took place in the UK, manufacturers and suppliers anywhere in the world are just as vulnerable. Any digital connection anywhere can become a malware portal.

CMMC rollout — The DOD spent years preparing to implement new cybersecurity regulations to certify that companies protect controlled unclassified information (CUI) and Federal Contract Information (FCI). Now that CMMC compliance can be a contract requirement, suppliers are scrambling to get right with the rules by booking a CMMC third-party assessment organization (C3PAO) to do the official assessment. Many companies, especially small and medium-size manufacturers, are still at the starting gate. Don’t delay further. Yes, there are 80+ C3PAOs, but they’re booked months in advance.

OT as a target — Cyberattacks aren’t just about ransomware demands or data theft anymore. Hackers can go directly after operational technology (OT), including industrial control systems. The attacks on Marks & Spencer and Jaguar Land Rover showed that an attack, and efforts to combat it, can lead to the shutdown of entire production lines.

MxD Learn’s CAPITAL program offers free, virtual training that equips workers with the skills to ensure compliance — and to protect manufacturers and the systems that power the U.S. economy. To learn more and enroll, visit MxD’s Virtual Training Center.