A cybersecurity blueprint
- 15 Jul 2025
- 3 min
Connected products and digital solutions support critical infrastructure, which forms the backbone of society around the globe, and is pivotal for maintaining economic prosperity and public safety. This infrastructure spans vital sectors, such as energy, water, transportation, telecommunications, manufacturing, and healthcare, which are all integral to everyday life.
increase in ransomware
impacted OT and ICS
of manufacturing attacked
With increasing digitalization, cyberthreat is no longer looming, it’s a surging reality. Ransomware attacks against industrial organizations have increased by 87% year-over-year, with 60% of the attacks impacting operational technology (OT) or industrial control systems (ICS) in 2024.
Manufacturing is a major focus of cyber criminals, with 65% of manufacturing and production companies hit by ransomware last year, a steady 41% increase since 2020, according to a Sophos survey.
Protecting equipment and software security against cyber threats is non-negotiable to ensure business stability and communities well-being. Cybersecurity requests a thorough and proactive risk management strategy, embracing the whole value chain, from offer ideation to solution implementation at a customer site.
At Schneider Electric, we consciously and proactively structured our risk management approach to maintain our security posture and collaborate with internal and external stakeholders. Our risk management approach has defined ‘Zones of Influence’, which provide us with a structured approach in four critical areas:
- People
- Company
- Suppliers and partners
- Customers and authorities
By focusing on these zones, we aim to minimize human-related risk, secure the company, build resilience in our partner and supplier relationships, and protect customers.
Minimizing human risk
Human error is one of the major factors in data breaches. In fact, in a 2025 study, it was reported that human error contributes to 95% of breaches.
To counteract such incidents, businesses should develop a companywide approach to cybersecurity culture, education, and training that integrates elements of people, processes, and technology controls.
This approach should be complemented with customized training and awareness programs to suit diverse employee groups, including high-risk populations such as top management, human resources, finance and developers. With an aim to encourage each employee group to practice secure behaviors adapted to the risks associated with their roles.
Securing the company
To help enforce cyber controls, businesses have to embrace regulations in a transparent manner. Indeed, we believe that compliance results from a mature cybersecurity posture rather than a compliance-specific approach.
Practical examples include putting in place mandatory cybersecurity policies for all employees and contractors, designed to help them understand how to implement critical tasks securely. We have implemented a Cyber Risk Register to identify cyber risks across our digital, product, and operations landscape, assigning them to business, functional, and operational owners. Our commitment to product security includes an externally certified secure development lifecycle.
Building resilience with suppliers and partners
A wise approach consists in considering suppliers and partners as an extension of the company, and fostering strong and secure business-to-business relationships with them.
In practice, we maintain a resilient value chain through a comprehensive approach across key areas such as secure sourcing and market resilience through channel partner cybersecurity. We have third-party security principles with a tiered system for categorizing our suppliers through a comprehensive risk-based framework with mitigating controls. These controls comprise third-party components, business continuity impact, data access levels, customer-facing and internal system access, and impact on operations or intellectual property.
Protecting customers through transparency and collaboration
Transparency is the key to stakeholders’ trust and overall resilience. It is a core value at Schneider Electric, driving us to exceed regulatory requirements and customer expectations. Our commitment to transparency is evident in our routine disclosure of relevant data and documentation to both government authorities and customers – a practice that not only informs but builds trust through sustained, mutual communication channels.
Our Transparency Report, released twice a year, shares key metrics, data, and information about our company’s digital and security governance. Software attestations, product validations, and crisis simulations are additional initiatives that increase transparency and trust.
A cyber risk management strategy for critical infrastructure is built on three pillars: security, survivability, and transparency. While security and survivability are industry standards, emphasis on transparency fosters a culture of clearly defined roles and responsibilities among ecosystem stakeholders.
Through a ‘Zones of Influence’ approach, centered on people, company, suppliers and partners, and customers and authorities, we implement key initiatives like secure development lifecycles, threat detection, and supply chain security.
Guiding customers and collaborating with authorities is key to move towards cyber resilience and protect society as a whole. By fostering a culture of trust and transparency, we can collectively better protect critical infrastructure from an ever-evolving landscape of cyber threats.
To get an in-depth look at our risk management approach and how we secure critical infrastructure through ‘Zones of Influence’, read our full posture paper “Cybersecurity, Product Security, and Data Protection at Schneider Electric”.
Latest in Technology and Innovation
How circular business models drive resilient growth
How circular business models drive resilient growth
Maximizing the potential of smarter, better, circular strategies
The potential of small and mid-size buildings to drive sustainability
