Manufacturers are being targeted like never before
According to Verizon’s Data Breach Investigations Report, manufacturing saw the fourth-largest number of cyber incidents, behind the public administration, information and finance industries.3
In 2023, we saw huge global companies such as Clorox temporarily cease production and have many of its automated systems taken offline due to a large-scale cyber breach, disrupting entire supply chains and costing the company $356 million USD due to a 20% decline in sales.4
What weaknesses are cybercriminals exploiting?
An estimated 29 billion devices will be connected within the manufacturing industry by 2030.5 With increased connectivity comes a broader attack surface, as each interconnected device becomes a potential entry point for hackers.
Manufacturing processes rely heavily on these interconnected systems, making them susceptible to disruption if compromised. Vast amounts of data generated by these devices, including sensitive production information and intellectual property, provide lucrative targets for cybercriminals seeking to steal or sabotage.
Legacy software is vulnerable, while new software can be easily exploited
Many manufacturing firms rely on specialised software that may only be available through legacy access. Legacy software often lacks regular updates and security patches, leaving it more susceptible to known vulnerabilities that hackers can exploit. On the other hand, newer software may have vulnerabilities that are yet to be discovered or adequately addressed by developers.
The interconnected nature of manufacturing systems means that even if newer software is secure, it can still be compromised through vulnerabilities in other connected components or by exploiting human error.
Manufacturers pay ransoms more than other industries
Due to the critical nature of their operations and the high financial stakes involved, disruption to production lines can result in significant financial losses, making the option of paying ransomware ransoms to quickly restore operations more appealing than suffering through a cyber breach process.
Manufacturers often have complex supply chains, and any delay in fulfilling orders can lead to contractual penalties or damage to their reputation. These pressures may lead manufacturers to prioritise swift resolution over the long-term implications of incentivising cybercriminals through ransom payments.
Lack of cyber security training, human error and remote working
Employees can be ill-equipped to recognise and mitigate cyber threats. Human error, exacerbated by this lack of training, becomes a significant vulnerability, as employees may inadvertently click on phishing emails or fall prey to social engineering tactics. In fact, 95% of data breaches worldwide are caused by human error.6
The shift towards remote working further complicates matters, as employees may access sensitive systems and data from less secure home networks or devices, increasing the likelihood of exploitation by cybercriminals.
Why a cyber attack can be so devastating for manufacturing businesses
- Losses can be substantial. The median cost for Irish firms hit by a cyber incident is around €7,2007, however, costs can soon pile up depending on the severity of the incident and the size of your business operations.
- Downtime is lost money, and the pressure of unfulfilled orders, contracts and disruption to your supply chain can be devastating.
- Breaches of client data can lead to severe damage to your business’ reputation, especially if it is picked up by the press.
- Your business may not recover from the combined effects of the above.
NFP are a cyber insurance partner you can trust
Cyber insurance provides coverage for expenses related to incident response, recovery, legal fees, and potential liabilities, offering financial protection against the ever-evolving landscape of cyber threats.