Fortinet: How to Build a Secure Digital Supply Chain

The convergence of operational technology (OT) and corporate IT networks has created new vulnerabilities across manufacturing supply chains, as facilities digitalise production and expand device connectivity.

Fortinet's 2025 State of Operational Technology and Cybersecurity Report reveals how supply chain leaders could address these mounting risks through enhanced visibility, executive accountability and integrated security frameworks.

Factory systems that once operated in isolation now link to broader enterprise networks, exposing critical supply chain infrastructure to cyber threats that can disrupt logistics, compromise production timelines and cascade through interconnected supplier relationships.

According to Fortinet's research, organisations are elevating OT security to executive leadership, with 52% now assigning direct responsibility to the Chief Information Security Officer (CISO) or Chief Security Officer (CSO), a significant increase from just 16% in 2022. When accounting for all C-suite roles involved in OT oversight, that figure reaches 95%.

This shift reflects growing recognition that OT security requires board-level attention and strategic resource allocation. The integration of previously isolated industrial systems into connected networks has fundamentally changed the risk landscape for manufacturing operations.

"The seventh instalment of the Fortinet State of Operational Technology and Cybersecurity Report shows that organisations are taking OT security more seriously," says Nirav Shah, Senior Vice President, Products and Solutions at Fortinet, in the report.

"We see this trend reflected in a notable increase in the assignment of responsibility for OT risk to the C-suite, alongside an uptick in organisations self-reporting increased rates of OT security maturity."

Supply chain disruption

Statista found that the manufacturing sector faced the highest number of cyber attacks in 2023, with 638 reported. These intrusions increasingly deploy ransomware and wiper malware such as Ekans or Industroyer2 to disable industrial operations and extract financial pressure through supply chain disruption.

The vulnerability stems from legacy OT architectures where limited network segmentation allows malware to move laterally between IT systems and operational environments. This creates supply chain risk when attacks on one facility can compromise production schedules, inventory management and distribution networks.

Fortinet's data suggests that organisations with higher OT security maturity levels experience fewer operational outages and revenue impacts, down from 52% to 42% year-on-year. For supply chain operations where uptime directly affects delivery commitments, this reduction in disruption could mean significant competitive advantage.

The financial implications extend beyond immediate ransom demands. Production downtime, delayed shipments and compromised customer relationships create cascading costs that can persist long after systems are restored.

Nirav adds: "Alongside these trends, we're seeing a decrease in the impact of intrusions in organisations that prioritise OT security. Everyone from the C-suite on down needs to commit to protecting sensitive OT systems and allocating the necessary resources to secure their critical operations."

All supply chain, sustainability, Scope 3 and net zero leaders should attend:

• Procurement and Supply Chain LIVE: The Net Zero Summit - QEII Centre, London, March 4-5
• Procurement and Supply Chain LIVE: The US Summit - Navy Pier, Chicago, April 21-22

Co-located with Sustainability LIVE, these events brings together CSCOs, CSOs and senior decision-makers at a moment when sustainability, supply chains and commercial performance are increasingly interconnected.

Tickets can be booked online today for The Net Zero Summit and The US Summit. Group discounts available.

Building resilience across networks

Manufacturers implementing fundamental cyber hygiene, user awareness and threat intelligence have reduced business email compromise significantly. Consolidating security vendors into integrated OT platforms also enhances operational efficiency, with some organisations seeing up to a 93% reduction in cyber incidents compared to flat networks.

Supply chain leaders can strengthen resilience through strategic network segmentation that isolates critical industrial systems from corporate IT using ISA/IEC 62443 zones. Continuous real-time monitoring enables anomaly detection for protocol misuse and irregular controller patterns, identifying threats before they disrupt production flows.

Another Statista report found that the number of phishing attacks per user reached 2.91 on average, with manufacturing and construction hitting around 1.65 attacks per user. This highlights the importance of OT-specific training programmes that address industrial phishing threats and operator errors.

Employee education remains a critical defence layer, as human error continues to serve as an entry point for sophisticated attacks targeting industrial control systems and supply chain coordination platforms.

Securing the digital supply chain

Fortinet's research indicates that cross-team collaboration uniting IT, OT and security functions accelerates incident response in converged environments. For supply chains where coordination between facilities, logistics partners and suppliers determines operational success, this integrated approach could reduce the cascading effects of security incidents.

Unified security frameworks enable consistent policy enforcement across distributed manufacturing networks, reducing gaps that attackers exploit to move between connected facilities and partner systems.

As supply chain digitalisation accelerates through smart factory adoption and expanded connectivity, the convergence of IT and OT security becomes inseparable from business continuity and competitive positioning.

Organisations that treat OT security as a strategic imperative rather than a technical concern position themselves to navigate the evolving threat landscape whilst maintaining the operational reliability their customers depend upon.