The latest news, trends, analysis, interviews and podcasts from the global food and beverage industry

As European food and beverage production becomes increasingly automated, the risk of cyberattacks on operational technology is growing. Lucas Majewski of Mitsubishi Electric Factory Automation explains why protecting legacy and modern production lines is now a critical priority for manufacturers seeking to safeguard output, compliance and reputation.

The average life of an automated production line can range from ten to 20 years, depending on the nature of the produce. This is often facilitated by the fact that, in general, automation equipment is inherently reliable and can last for many years.

For many production managers in the food industry, the biggest worry has often focused on obsolescence – ie. ‘will I have access to the necessary spare and replacement parts to maximise uptime throughout the operational lifespan of this production line?’

However, concerns over the cybersecurity credentials of the operational technology (OT) equipment are quickly catching up.

After all, recent data paints a worrying picture. The European Union’s cybersecurity agency ENSIA reported that 18% of cybersecurity incidents between July 2024 and 2025 were aimed at OT systems, while the European Commission perceived cybersecurity threats to be the most relevant threat to the EU’s food supply in 2025.

Let’s put this into context for manufacturers. It’s only relatively recently that automation equipment has had to comply with cybersecurity requirements, such as IEC 62443-4-2, which came into force in February 2019.

As a result, there is likely to be a high volume of legacy automation equipment installed throughout European food production sites, which will not have the same level of built-in cyber resilience as recent generations of products.

Cybersecurity as a producer's priority

So, while IT departments may have taken action to implement a robust defence at the enterprise level, the OT layer may still pose a significant risk. After all, if a potential hacker wanted to cause maximum disruption to a manufacturing plant, the attack would most likely target the production area. Get control of the OT layer, and you have effective control over the whole plant.

Legislation is thankfully catching up with the threat level. Food production, processing and distribution were added to the list of ‘important entities’ when the NIS2 Directive text was adopted in 2022. Planned changes to the EU’s Cyber Resilience Act will also come into force in December 2027. This will help to further protect businesses across Europe when purchasing software or hardware products with a digital component.

While this will undoubtedly help end-users in the food industry, it is primarily aimed at strengthening the cyber resilience of new installations.

For legacy lines, there are several measures that food manufacturing teams can implement to protect against an ever-increasing OT cyber threat.

Steps to enhance security

The first step is to undertake an OT cyber risk assessment. This should help provide a clear overview of the specific vulnerabilities within your plant’s existing automation equipment and network infrastructure. It will act as a critical step to ascertaining which devices are on the industrial control network and how they connect. This plan should also include recommendations on suitable remedial actions.

Once the OT cyber risk assessment is complete, the next step is to deploy a strategic plan that covers not only the remedial actions from the risk assessment, which are likely to largely address legacy issues, but also outlines future best practices given the constantly evolving nature of OT cyber threats.

While each plant will require its own tailored strategy, there are some common themes:

Applying a ‘defence in depth’ strategy helps to harden the organisation’s cyber security posture, detect threats and deter potential hackers as quickly as possible. This involves approaching OT cybersecurity in a layered approach, with a zero-trust framework and strict control over who can access the devices, knowing exactly what is on the OT network and how the devices interconnect, and being able to detect and report suspicious anomalies and respond quickly.

Within this layered model, modern OT security technologies play a critical role by providing continuous visibility into industrial assets, deep analysis of industrial protocols and real-time identification of abnormal behaviours before it impacts production. Organisations must implement a comprehensive framework that combines strategic detection and prevention capabilities with network segmentation and asset-centric protection to reduce exposure and limit lateral movement.

By incorporating Moving Target Defence techniques, organisations can dynamically harden critical systems and disrupt adversary activities. Secure remote access, built on zero-trust and Moving Target Defence principles, enables essential maintenance while preserving operational integrity, availability and safety.

The overall strategic plan should also include specific incident response plans to ensure key stakeholders are as well-prepared as possible in the event of an attack. Finally, the overall response must be regularly reviewed to ensure it remains fit for purpose.

Ultimately, while there is never a 100% guarantee against all threats, a defence in depth approach enables an organisation to quickly detect a breach and recover from potential cyber damage, ensuring the organisation remains resilient and keeps the commercial and reputational damage to a minimum.