McKinsey’s recent article, “The Cybersecurity Providers’ Next Opportunity: Making AI Safer,” highlights the growing need to secure artificial intelligence systems as they become more embedded in business operations. While the article focuses on how cybersecurity providers can protect AI systems, it unintentionally underscores a much bigger problem for small manufacturers in local communities: the widening gap between cybersecurity demands and small business realities.

For small manufacturers, especially those working with government contracts, this issue is no longer theoretical. The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) is now a hard requirement. And unlike tech giants who have dedicated cybersecurity teams, small manufacturers are being left behind to figure it out on their own.

McKinsey warns that as AI systems become more complex, they also become more vulnerable. Cyberattacks aren’t just targeting big corporations anymore, they’re moving downstream into the supply chain, hitting the smaller players who often lack robust defenses.

For small manufacturers, this isn’t just about data breaches. It’s about survival.

• CMMC Compliance is Mandatory: Without it, manufacturers can’t bid on or maintain DoD contracts.
• Cybersecurity Costs are Rising: Hiring experts, installing safeguards, and conducting audits aren’t cheap.
• AI Creates New Vulnerabilities: Automation and smart systems used on factory floors can become entry points for cyber threats.

While McKinsey calls for cybersecurity providers to step up and protect AI systems, the real question for small manufacturers is: Who is helping us?

Why Small Manufacturers in Local Communities Are at Risk

1. Big companies can absorb cybersecurity costs. Small manufacturers cannot. Yet, they’re held to the same compliance standards.
2. The CMMC framework is built around cybersecurity standards which are complex and expensive to implement. Small firms often don’t know where to start.
3. A cyberattack or a failed compliance audit could push a small manufacturer out of the supply chain entirely.
4. Many manufacturers are adopting smart systems, automated machinery, and IoT devices, creating more openings for cyber threats.

McKinsey highlights how critical it is to make AI safer but for small manufacturers, it’s not just AI that’s vulnerable. Their entire operation is. If cybersecurity providers need to rethink how they secure AI systems, local economic developers need to rethink how they support small manufacturers.

Cities and regional economic development agencies might partner with cybersecurity providers to create affordable, scalable solutions tailored for small manufacturers. Shared cybersecurity services, managed IT support, and discounted access to compliance software could lower the barrier to entry.

Manufacturers need step-by-step guidance, not just jargon. Local governments can host workshops, offer toolkits, and fund training to help businesses navigate the CMMC process.

Economic development incentives can cover cybersecurity upgrades, not just machinery and equipment. Cybersecurity is now critical infrastructure for manufacturers.

Just as manufacturers rely on supply chain partnerships, they can also benefit from cybersecurity networks. Regional partnerships can share best practices, vendor recommendations, and compliance strategies.

A Hidden Opportunity?

McKinsey points out that cybersecurity providers have an opportunity to expand into AI safety. But local communities have an opportunity to lead in cybersecurity readiness. Imagine if regions became known not just for manufacturing but for having the most cyber-resilient supply chains. That’s a competitive advantage. Local manufacturers that meet CMMC requirements will stand out in a crowded market. They’ll be better positioned to win contracts, protect their operations, and grow sustainably.

McKinsey is right that cybersecurity must evolve to protect AI systems, but the conversation needs to include the small manufacturers that keep our supply chains moving. Cybersecurity can’t just be a priority for big players; it must be accessible and actionable for small businesses, too.

Local economic leaders have a role to play in closing this gap. Let’s help our small manufacturers meet these challenges head-on and turn cybersecurity compliance from a burden into a competitive edge.

#EconomicDevelopment #Cybersecurity #Manufacturing #CMMC #SmallBusinessResilience