As the world around us continues to evolve rapidly, manufacturing enterprises are investing in the latest digital tools and solutions to remain relevant and meet shifting consumer demands. Unfortunately, the increased adoption of technology at the workplace is making manufacturers more vulnerable to cyberattacks.

In 2020 alone, there was a 124% increase in cybercrimes targeting manufacturers, according to the US-based cybersecurity firm CrowdStrike, while a report by the UK-based manufacturers’ organisation Make UK said roughly half of all manufacturers in the country have been victims of cyberattacks. Manufacturing is the third most targeted sector in the UK.

 

So, what makes manufacturers a key target for cyberattacks?

 

There are numerous reasons why cyber criminals are increasingly targeting manufacturing organisations. Among the most widely cited reasons are the large amounts of sensitive and valuable data on consumers and suppliers, as well as the absence of up-to-date cybersecurity systems, particularly at Small and Medium Businesses (SMB). The US National Center for Manufacturing Services associates the surge in cyberattacks to rising competition in the industrial sector “where intellectual property is at a premium”. Other factors could include the presence of unsecured devices, as well as inadequate employee training to detect and monitor cyberattacks.

 

The increase in cyberattacks are also attributed to cyber criminals gaining access to more advanced technologies, thus making it more cumbersome for investigators to track data breaches and phishing attacks. According to KPMG, emerging technologies are regularly used to create new types of malwares, identify vulnerabilities in large defence systems and develop sophisticated password cracking systems. With the help of emerging technologies, cybercrimes are becoming more “accurate, targeted and innovative,” as per KMPG.

 

Certainly, the consequence of falling victim to cybercrime is significant. For example, in 2018, the financial loss from cybercrimes exceeded US$ 600 billion worldwide, dwarfing the GDP of many countries, while the average cost of a data breach in North America is reported to be US$ 1.3 million, according to cybersecurity firm Kaspersky Lab.

 

Yet, the financial aftermath is not the only factor that is encouraging manufacturers to put cybersecurity safeguards in place – it has also become an important stakeholder requirement. 59% of the manufacturers surveyed by the Make UK said their customers have asked them to demonstrate the robustness of their cybersecurity processes, while 58% said they have asked the same from a business within their supply chain.

 

Ways to Mitigating Cyber Risks

To unlock the potential of the Fourth Industrial Revolution (4IR) and reduce the risk of cyberattacks on manufacturers, industry stakeholders must better understand how to manage and improve the safety of their technology systems. To bridge the gap between awareness and action, the Global Manufacturing and Industrialisation Summit (GMIS) and the Lloyd’s Register Foundation (LRF) commissioned the University of Cambridge (Policy Links – Institute for Manufacturing) to compile an international review of the safety and security implications of the 4IR technologies. The report identified four main strategies currently used in cyber risk management: avoidance, transference, mitigation and acceptance of risk.

 

 

To minimise the risk of cyberattacks, the report suggests tactics such as replacement of legacy systems, reduction of third-party access to networks, use of strong passwords, continuous verification of the Internet of Things (IoT) devices, adoption of relevant cybersecurity standards, and testing out cyber stress scenarios to assess potential losses. Furthermore, the report recommends that manufacturers create new regulatory frameworks and standards, develop industry-specific cybersecurity policies, clarify security liability and responsibility issues to reduce current vulnerabilities.

 

 

Additionally, the GMIS-Llyod’s report identifies cyber insurance as a key area of action for the safe adoption of 4IR technologies in manufacturing. Although the current cyber insurance market is small and only a handful of insurance providers offer protection for industrial systems, manufacturers can take advantage of traditional insurance policies that do not explicitly exclude cyberattacks. Alternatively, they could choose cyber affirmative insurance policies that cover data breaches, software losses and business interruptions.

 

 

Whilst there is a global consensus on the need to improve the regulation of advanced technologies, the 4IR landscape is evolving so fast that as soon as a regulation is introduced, a new threat emerges. To counter this, many governments are taking steps to improve their national cybersecurity resilience through a number of policy initiatives and programmes. However, these are often top-line strategies that do not consider the specific nuances experienced by sectors such as manufacturing.

 

 

Therefore, if the manufacturing sector is to realise the full potential of the 4IR, a one-size-fits-all approach is insufficient. Importantly, comprehensive security cannot be the exclusive domain of large businesses that can financially afford bespoke end-to-end protection.

 

 

The emergence of the Industrial Internet of Things (IIoT) in the manufacturing industry has created huge potential targets for cybercriminals to exploit. As the number of attacks and the value of the intellectual property rises, it is vital that manufacturers and policymakers pay more attention to cybersecurity and thereby contribute to the advancement of manufacturers.