Posted By Paul Tate, September 08, 2015 at 12:54 PM, in Category: Cybersecurity
Some things you may never be able to predict with any certainty – floods, earthquakes, or sudden political upheavals. Any of these could suddenly wreak unexpected havoc across manufacturing supply chains, as recent history shows.
But in today’s increasingly interconnected world, it’s probably more likely that your manufacturing supply chain will be disrupted by cybersecurity breaches than any natural disaster or violent civil unrest.
In its latest Global State of Information Security Survey, consultants PriceWaterhouseCoopers (PwC) found that the number of detected security breaches across all industries last year leapt to 42.8 million, a massive 48% increase over 2013. Resulting financial losses also rose sharply – up by 34%.
Clearly, with greater connectivity across the world’s leading economies, comes an increase in vulnerability to new digital threats. Manufacturers everywhere now need to be more vigilant than ever about protecting their assets and supply networks from this rising tide of risk.
In some ways, industrial product manufacturers around the world fared better than most sectors last year, with security breaches rising around 17% over 2013. The bad news is that the cost of these cyber breaches is getting worse. PwC’s survey of more than 550 industrial products executives found that the total financial losses attributed to such breaks in information security rose in 2014 by 38%.
What’s more, the source of these cybersecurity risks is also changing for manufacturers. While PwC found that current and former employees remained the most-cited culprits of security incidents last year, compromises attributed to global competitors more than doubled in 2014. (See chart.) Many executives, says PwC, believe that sophisticated international competitors, perhaps backed by nation states, are increasingly trying to infiltrate their networks to pilfer trade secrets and manufacturing processes.
“Most industrial products companies don’t have sensitive consumer information to protect, but adversaries are interested in their intellectual property,” commented Quentin Orr, a PwC advisory principal on cybersecurity and privacy, in the report.
Part of this rising vulnerability is the result of industrial product manufacturers becoming ever more connected to networks of partners, suppliers and contractors around the world. Thankfully many companies already seem aware of the potential dangers of this greater connectivity. Information security budgets soared more than 150% over the past two years and information security outlays represented 6.9% of respondents' total IT budget in 2014, the highest of any sector in the survey.
PwC also found that last year 64% of industrial product sector respondents have duly implemented security procedures and standards for external partners, suppliers, and vendors, while 58% say they now perform full risk assessments on third party vendors. Nevertheless, that leaves a third of industrial products companies still behind the security curve and potentially vulnerable to digital disruption and theft.
“Today, sophisticated cyber adversaries often infiltrate smaller, less-mature companies and lie in wait for them to be acquired by larger firms,” warns PwC in the report. “When the companies’ information systems are integrated, threat actors may gain a foothold on the networks of the acquiring firms and attempt to exfiltrate trade secrets and other valuable information.”
And if all of the above hasn’t motivated you to take your cyber security strategy to a new level, imagine how much more vulnerable you may become as we get closer to the end-to-end digital world of Manufacturing 4.0 where your products are smarter and constantly exchange information through the cloud from multiple unsecured locations around the world, or you harness new on-demand production technologies like 3D printing, that uses detailed digital design and process files to create IP-dependent products and parts.
So what can do you do about it? Better internal security policies, employee training schemes and protection technologies will certainly help. So will a greater focus on assessing security risks among supply chain partners and third parties. But if you really want to drive root-to-branch cybersecurity awareness across your organization and secure the budgets to make this happen, you’ll need to get the attention of executives at the very highest level. That, it seems, is one area where there’s still much room for improvement.
Though increasingly acknowledged as a critical business risk, cybersecurity has still not attracted the active, direct involvement of most boards of directors across the world’s leading companies. The PwC report, for example, found that so far well under half of board of directors get involved with either security budgets (40%) or overall security strategies (42%).
What’s wrong with this picture? Will it take a massive, business-critical cyber breach before these senior executives start to recognize the increasing digital vulnerability of the networked world in which their companies now have to operate?
Written by Paul Tate
Paul Tate is Research Director and Executive Editor with Frost & Sullivan's Manufacturing Leadership Council. He also directs the Manufacturing Leadership Council's Board of Governors, the Council's annual Critical Issues Agenda, and the Manufacturing Leadership Research Panel. Follow us on Twitter: @MfgExecutive