⚡ Quick Summary
- AkzoNobel confirmed hackers breached the network of one of its U.S. sites
- Manufacturing has become the most targeted industry sector for cyberattacks globally
- The breach highlights the vulnerability of combined IT/OT environments in industrial companies
- All businesses should prioritize cybersecurity fundamentals including genuine software licensing and current updates
Paint Giant AkzoNobel Confirms Cyberattack on U.S. Operations as Manufacturing Sector Threats Escalate
AkzoNobel, the Dutch multinational behind brands like Dulux and Sikkens, has confirmed that hackers breached the network of one of its U.S. sites — the latest in an accelerating wave of cyberattacks targeting manufacturing and industrial companies.
What Happened
AkzoNobel confirmed to BleepingComputer that its U.S. operations experienced a network breach by unauthorized actors. The company, one of the world's largest paint and coatings manufacturers with annual revenues exceeding €10 billion, acknowledged the incident but provided limited details about the attack's scope, the threat actor responsible, or the specific data and systems affected.
The company stated that it had activated its incident response protocols and was working with cybersecurity experts and law enforcement to investigate the breach. AkzoNobel indicated that the attack was contained to a single U.S. site, though the extent of lateral movement within its network and any data exfiltration remained under investigation at the time of the announcement.
No ransomware group had publicly claimed responsibility for the attack at the time of reporting, though this is not uncommon in the early stages of an incident — threat actors often delay public claims while negotiating with victims or preparing stolen data for publication.
Background and Context
The manufacturing sector has become one of the most targeted industries for cyberattacks globally. According to multiple cybersecurity reports, manufacturing surpassed financial services as the most attacked sector in 2025, driven by several factors: the increasing connectivity of industrial systems, the relatively lower cybersecurity maturity of many manufacturing organizations compared to financial institutions, and the high leverage that operational disruption provides to ransomware operators.
Manufacturing companies are particularly vulnerable because their operations combine IT systems (email, ERP, financial systems) with operational technology (OT) systems that control physical production processes. A successful attack can not only steal data but potentially disrupt physical production, creating enormous financial pressure to pay ransoms or accept attacker demands.
AkzoNobel's size and global footprint make it a high-value target. The company operates in over 150 countries and supplies coatings to automotive manufacturers, aerospace companies, and construction firms. A breach at one site could potentially provide attackers with credentials, documentation, or network access that enables movement across the company's global infrastructure.
The chemical and coatings manufacturing subsector has been particularly targeted in recent months, with several companies in adjacent industries disclosing incidents. The pattern suggests that threat actors may be specifically developing expertise in exploiting manufacturing sector vulnerabilities.
Why This Matters
This attack matters because it underscores the systemic vulnerability of the manufacturing sector to cyber threats at a time when the industry is rapidly digitizing. As manufacturers adopt IoT sensors, cloud-connected ERP systems, and AI-driven production optimization, the attack surface expands dramatically while cybersecurity capabilities often lag behind.
For businesses in AkzoNobel's supply chain — including automotive manufacturers, construction companies, and industrial customers — the breach raises questions about supply chain continuity and data security. If attackers accessed customer data, contract details, or proprietary formulation information, the impact could extend well beyond AkzoNobel itself.
The incident also reinforces the importance of cybersecurity fundamentals for all businesses, not just those in overtly "tech" sectors. Manufacturing companies, retail operations, and service businesses all face cyber threats, and maintaining secure IT infrastructure — including keeping systems patched, using enterprise productivity software from legitimate sources, and implementing proper access controls — is essential regardless of industry.
For the cybersecurity industry, the AkzoNobel breach adds to the mounting evidence that current approaches to manufacturing security are insufficient. The sector needs purpose-built security solutions that address the unique challenges of combined IT/OT environments.
Industry Impact
The manufacturing cybersecurity market is expected to grow significantly in response to incidents like the AkzoNobel breach. Insurance providers are already adjusting premiums and coverage requirements for manufacturing companies, and regulatory pressure is building for mandatory cybersecurity standards in critical manufacturing sectors.
For AkzoNobel's competitors, the breach serves as both a warning and an opportunity to differentiate on cybersecurity posture. Companies that can demonstrate robust security practices may gain competitive advantages in enterprise procurement processes where supply chain security is increasingly evaluated.
The incident will likely accelerate investment in manufacturing-specific cybersecurity solutions, including OT network monitoring, industrial control system security, and air-gapped backup systems designed for manufacturing environments.
For all businesses, the AkzoNobel breach reinforces the foundational importance of maintaining properly licensed and updated software. Using genuine, licensed software — from a genuine Windows 11 key for operating systems to properly licensed productivity suites — ensures access to security updates and patches that are the first line of defense against many attack vectors.
Expert Perspective
Industrial cybersecurity experts note that the manufacturing sector's vulnerability is structural, not merely technological. Many manufacturing companies have underinvested in cybersecurity for years, treating it as an IT cost center rather than a business risk management function. The OT systems that control production processes are often decades old, running outdated software, and poorly segmented from corporate IT networks.
The challenge is compounded by the manufacturing sector's operational priorities. Production uptime is paramount, and security measures that could potentially disrupt operations face institutional resistance. This creates a paradox: the systems most in need of security upgrades are often the ones where security changes are most difficult to implement.
What This Means for Businesses
For businesses in manufacturing, supply chain, or industrial sectors, the AkzoNobel breach should prompt an immediate reassessment of cybersecurity posture. Key steps include segmenting IT and OT networks, implementing multi-factor authentication across all systems, maintaining offline backups of critical data, and ensuring all software is properly licensed and current.
Businesses of all sizes should also review their supply chain security requirements. If key suppliers suffer breaches, it can disrupt operations and expose shared data. Including cybersecurity requirements in vendor contracts and conducting periodic security assessments of critical suppliers are increasingly standard best practices.
Maintaining a secure technology foundation starts with basics: genuine licensed software including an affordable Microsoft Office licence, current operating systems with security updates enabled, and proper access controls across all systems. These fundamentals prevent the most common attack vectors and provide the foundation for more advanced security measures.
Key Takeaways
- AkzoNobel confirmed a cyberattack on one of its U.S. sites, with investigation ongoing
- Manufacturing has surpassed financial services as the most targeted sector for cyberattacks
- The attack highlights the vulnerability of combined IT/OT environments in manufacturing
- Supply chain partners should assess potential downstream impacts of the breach
- Businesses should prioritize cybersecurity fundamentals including genuine licensed software and current updates
- Manufacturing-specific cybersecurity investment is expected to accelerate significantly
Looking Ahead
The AkzoNobel breach will likely be followed by additional disclosures from manufacturing companies, as the sector's targeting by threat actors shows no signs of abating. The manufacturing industry faces a critical window to invest in cybersecurity before regulatory mandates force the issue — companies that act proactively will be better positioned than those that wait for compliance requirements to drive investment.
Frequently Asked Questions
What happened to AkzoNobel?
The Dutch paint and coatings giant confirmed that hackers breached the network of one of its U.S. sites. The company activated incident response protocols and is working with cybersecurity experts and law enforcement.
Why are manufacturing companies targeted by hackers?
Manufacturing combines IT and operational technology systems, has relatively lower cybersecurity maturity than financial institutions, and production disruption gives ransomware operators significant leverage to demand payment.
How can businesses protect against similar attacks?
Key measures include network segmentation between IT and OT systems, multi-factor authentication, offline backups, properly licensed and updated software, and regular security assessments of supply chain partners.