Five Cyber Resilience Lessons for Manufacturers
Cyber incidents rarely begin with a dramatic announcement. More often, they start with small operational problems, like a malfunctioning production line or systems behaving unexpectedly.
What determines whether those issues become a manageable disruption or a full-scale crisis often comes down to preparation, communication, and good decision-making under pressure.
That was the focus of a recent cyber resilience webinar hosted by MxD as part of its CyberSecure Supplier Program. Jen Szkatulski, lead cyber resilience adviser for Immersive, acted as moderator.
Everyone has a role in incident response
During the simulation, participants were forced to balance technical troubleshooting with production demands, supplier concerns, customer expectations, and reputational risk. That dynamic reinforced an important reality: in a crisis, everyone becomes part of the response effort.
The session emphasized the importance of clearly defining roles and responsibilities ahead of time. If employees are unsure who makes decisions, when to escalate issues, or how to communicate during an unfolding crisis, organizations can lose precious time.
Documentation is critical, but so is practice
Writing an incident response plan is a good first step, but it’s not enough.
Organizations benefit from actively practicing response procedures until they become operational “muscle memory.” In fast-moving situations, teams do not have the luxury of stopping to search for outdated documents or debating basic escalation procedures.
This includes defining what constitutes a crisis, as well as how and when to involve a Crisis Management Team (CMT). Documentation can also empower employees to act confidently under pressure instead of waiting for approvals or clarification.
Another important takeaway: Incident response planning is never finished. As personnel, technologies, suppliers, and business processes change, plans must evolve with them — and be practiced regularly.
Communication planning is critical to cyber resilience
The simulation highlighted how quickly communication challenges can become as important as technical containment. As the fictional incident escalated, participants had to decide how to communicate with employees, customers, suppliers, and the public even while the investigation continued.
While it’s impossible to prepare for every scenario, developing prebuilt communication templates or “holding statements” for common scenarios — including operational disruptions or potential data breaches — can help organizations respond quickly and consistently during high-pressure situations.
It’s also important to ensure the availability of reliable communication channels during a crisis, including secure or out-of-band communications if primary systems are compromised.
For public-facing communications, consider preparing dedicated newsroom or update sections on primary websites ahead of time rather than attempting to build new communication channels during an incident.
Transparency and empathy matter during crisis communications
The webinar also explored the reputational side of incident response. Even when technical investigations are still developing, organizations must think carefully about how they communicate with customers, suppliers, and the public.
Participants debated the balance between providing timely information and avoiding speculation before facts are confirmed. High-level, factual updates are often preferable during the early stages of an incident, particularly when investigations are ongoing.
At the same time, the discussion reinforced that empathy matters. Whether the incident involves production outages, operational disruptions or stolen data, stakeholders want to know that the organization understands the impact of the disruption.
Cyber resilience requires from leadership
A security culture must start at the top, with executive leadership and board-level engagement.
Szkatulski emphasized that organizations in which leadership actively champions preparation, exercises, and continuous improvement are better prepared to respond effectively. By contrast, fear-based cultures can discourage employees from escalating concerns or responding decisively during an incident.
The ultimate takeaway: Cyber resilience is not built during a crisis. Instead, it is built beforehand through preparation, communication, and repeated practice across the organization.
