From automation on the factory floor to customer data in the cloud, new technologies are meant to make manufacturing more efficient, flexible and profitable. But they can also make businesses more vulnerable to cyberattacks, offsetting the gains from digitalization.1
“As an industry, manufacturing is being targeted more frequently than it was in the past and costly cyberattacks are becoming more prevalent,” says Michael O’Connor, Assistant Vice President, Technology and Cyber, Professional Lines, at Sovereign Insurance.
In fact, manufacturing was the most attacked sector in 2022, according to IBM Security X-Force Threat Intelligence Index 2023. It was the second consecutive year the manufacturing industry held the top spot in the index. Extortion was the leading cyber incident for manufacturers, seen in 32% of cases, followed by data theft (19%) and data leaks (16%). In the report, IBM states manufacturers are an attractive target for extortion because they have little-to-no tolerance for downtime.2 Unfortunately, that can mean paying ransom to cybercriminals is the fastest way for businesses to get back up and running again.
“In healthcare, a doctor can still see a patient in the middle of a cyberattack,” says Michael. “But most manufacturers can’t function without their network because so much is now automated in the manufacturing process. If you’re a car maker and lose your computer network in a hacking event, you can’t make cars. So, without the ability to produce goods and services, the loss of revenue for manufacturers can be significantly greater compared to other sectors.”
In a changing landscape, exposures such as ransomware and business interruption are major risks to manufacturers. “Over the past five years, the cyber environment has evolved to the point where ransomware and business interruption risks often exceed liability exposures, which makes manufacturing more susceptible to large losses,” says Michael.
As manufacturers add new trends and technologies to their toolbox, they need to examine new cybersecurity risks that come along with them. For example, many manufacturers use supply chain integration, which connects processes and information across their supply chains, including vendors, suppliers and customers.3
If a supplier’s cybersecurity is weak, that could allow cybercriminals to infiltrate a manufacturer’s system, for example, through malware. “Risk mitigation goes beyond your own company – you have to also assess the cybersecurity of your suppliers,” says Michael. “Like any chain, supply chain integration is only as good as its weakest link.”
Another cyber risk is hybrid work environments. A key exposure here is phishing, a type of cyberattack that tricks users into clicking malicious links, downloading malware or sharing sensitive information.
“More communication is done over email than face to face, and so manufacturers become more susceptible to phishing attacks,” says Michael. “And with the pace that everybody is working at, people can be less diligent at reading emails carefully. They’ll click on malicious links they believe are from an internal source or are legitimate requests from suppliers.”
To mitigate this risk, employee cybersecurity training is key. “Most companies provide employee training, but you have to make sure you have updated training and that you conduct simulated phishing attacks to put the learning into practice,” says Michael.
The cloud is another frontier for cyber threats. Manufacturers possess valuable customer data, digital assets and intellectual property that are attractive targets for thieves. “As more information goes into the cloud and more employees access it remotely, that data can be less secure than when it was on your own servers,” Michael says. “While the security at most cloud-computing organizations is good, it is still one more area where your data is exposed.”
Again, employee training can help maintain strong cybersecurity, as well as measures such as: encryption; access control, which can help prevent unauthorized individuals from accessing sensitive data; monitoring cloud activity; and securing a data backup plan.4
Shoring up cybersecurity is especially important for small- to mid-sized manufacturers, notes Michael. “If you can’t produce products and fulfill orders because of a cyberattack, your clients have options to go elsewhere, which can be devastating to a smaller business,” he says. “Once you know the risks, you can start taking preventative steps.”
1 World Economic Forum, “Manufacturing is the most targeted sector by cyberattacks. Here’s why increased security matters,” March 27, 2023
2 IBM Security, “X-Force Threat Intelligence Index 2023”
3 DFreight, “Supply Chain Integration: Revolutionize Your Business Operations”
4 EC Council Cybersecurity Exchange, “10 Tips To Maintain Strong Cloud Cybersecurity,” Oct. 6, 2022