Resilient by design: Connecting cybersecurity and digital sovereignty in manufacturing

In today’s volatile geopolitical and economic landscape, manufacturing organizations—particularly those operating complex, interconnected production environments—are rethinking how they approach technology risk and collaboration.

Digital infrastructure is no longer just an efficiency enabler. It is a strategic asset that underpins resilience, trust and long-term competitiveness. As a result, cybersecurity and digital sovereignty can no longer be addressed separately. They are deeply interconnected, shaping not only how organizations protect themselves, but also how they participate in digital ecosystems and data spaces.

This is especially true for manufacturing, energy and critical infrastructure sectors, where operational continuity supports society itself. Manufacturers sit at the heart of global supply chain ecosystems , making them high-value targets for cyberattacks and subject to increasing regulatory scrutiny. For CIOs and CISOs, the mandate is no longer limited to defending systems. It is about enabling resilience, trust and collaboration across organizational and national boundaries.

Why cyber risk is now a geopolitical issue

Cyber risk is less about firewalls and more about staying in control.  Today, state sponsored actors, geopolitical tensions, trade disputes and evolving regulatory frameworks increasingly influence the digital risk landscape. Changes in international data protection agreements, extraterritorial legislation, and cross border data transfer rules have exposed a common vulnerability for organizations worldwide: the loss of control over critical digital assets.

If you rely heavily on a small number of global technology providers—often operating across multiple jurisdictions—you may be exposed to legal, operational and reputational risks beyond your control. Sanctions, licensing restrictions or policy changes can disrupt access to cloud services or critical data with little warning. In extreme scenarios, organizations may be forced into rapid technology migrations, experience operational disruption, or see trust erode among customers, partners and regulators.

Cybersecurity strategies that fail to account for these geopolitical and regulatory realities are incomplete and leave organizations exposed. Likewise, digital sovereignty initiatives that ignore cybersecurity fundamentals risk becoming symbolic rather than effective.

The real question is not whether to choose between cybersecurity and digital sovereignty, but how to use cybersecurity to enable sovereign, resilient operations.

What digital sovereignty really means in practice

Digital sovereignty is often misunderstood as isolationism or technological self-sufficiency. In practice, it is a board level strategic concern, driven by the need for clarity, accountability and control in an increasingly complex digital environment.

At its core, digital sovereignty is about resilient autonomy. It means making informed, strategic choices about dependencies, data and technology—choices leaders can explain, defend and adapt over time while remaining open to innovation and collaboration.

Digital sovereignty spans several dimensions of sovereignty:

• Data: Control over where data is stored, processed and accessed
• Technology: Freedom to choose, switch and combine technologies without excessive lock in
• Legal: Reduced exposure to foreign jurisdictions and conflicting legal regimes
• Economic: Visibility and influence across supply chain ecosystems and long term value creation
• Cybersecurity: Capability to protect, monitor and respond independently across IT and OT environments

Most organizations will not—and should not—aim for complete digital independence. In an interconnected world of shared platforms and global value chains, isolation would limit agility and innovation.

The objective is strategic sovereignty: maintain strong control over critical assets while actively participating in trusted ecosystems and platforms. When designed well, this balance reduces dependency and risks, strengthens stakeholder trust, and enables innovation on your own terms—not those imposed by external providers.

In practice, this requires deliberate architectural and governance choices:

• Hybrid and multi cloud strategies to reduce dependency on a single vendor or jurisdiction to improve workload portability and control over sensitive or mission critical systems.
• Zero trust architectures to maintain visibility or control as IT and OT environments converge and ecosystem connectivity expands.
• Clear data localization and governance frameworks to ensure intentional data placement, classification governance and protection of sensitive information and intellectual property.
• Modular and open source architectures to avoid structural lock in and increase long term flexibility.
• Defined executive accountability —by creating roles like “Digital Sovereignty Officer”—to embed sovereignty into everyday decision making and address cybersecurity, vendor exposure and geopolitical risks consistently across functions.

Common barriers to strategic digital sovereignty

Manufacturers operating at the intersection of cybersecurity, sovereignty and ecosystem participation often face recurring challenges:

• Fragmented data silos and limited visibility : Disconnected systems reduce transparency and slow decision making, particularly across converged IT and OT environments.
• Rising regulatory and cybersecurity pressures : Expanding cyber threats and evolving compliance requirements demand demonstrable control over data flows, technology and (remote) access.
• Legacy operational complexity : Aging assets, especially in OT, are often unpatched and difficult to integrate with cloud, AI, IoT and digital twin technologies.
• Inconsistent standards across borders : Overlapping regulations and different interpretation and translation of international standards to national legislation hinder cross border collaboration and secure ecosystem participation.

Addressing these barriers requires more than incremental improvements. It requires a shift in mindset—from defending organizational boundaries to designing for secure, sovereign collaboration across the ecosystem.

Cybersecurity as the foundation of digital sovereignty

A mature cybersecurity strategy is a prerequisite for digital sovereignty. Zero trust architectures, hybrid technology strategies, strong identity and access controls and disciplined data governance create the technical foundation for control and resilience and to operate with confidence.

In manufacturing and other operational environments, this is especially important. Visibility, segmentation and effective incident response protect not only systems but also ensure employee and environmental safety, and supply chain continuity. Cyber resilience at the operational level directly supports enterprise resilience.

Importantly, cybersecurity also underpins trust across the ecosystem—between manufacturers and suppliers, between organizations and regulators, and ultimately between enterprises and the communities they serve. Data sharing and interconnected networks only work when intellectual property, sensitive information and operational integrity are protected.

For this reason, cybersecurity should not be viewed as a cost center. It is a strategic enabler of collaboration, innovation and long term digital credibility.

Cybersecurity and digital sovereignty are no longer abstract policy discussions. They are strategic decisions that directly impact resilience, competitiveness and trust. Organizations that treat them separately may close technical gaps but remain open to structural risk. Those that connect them and establish visibility, control and trust—by design—position themselves to participate confidently and from a position of strength in manufacturing ecosystems.