One of the most targeted sectors for cybercrime globally is manufacturing. In 2023, it was the industry with the highest share of cyberattacks, encountering around 25% of the worldwide total. Of these, malware and ransomware were the top types of attack. The average cost of a data breach in this sector last year was USD 4.73m.
This may seem surprising as, unlike finance or healthcare which have access to large volumes of highly confidential personal information, manufacturing doesn’t seem like an access point for valuable data. However, the nature of its evolution makes it an easier target for criminals, and the interconnectedness of global supply chains can create large-scale disruption.
Why is the manufacturing sector a target?
One of the main reasons that this sector is attractive to malicious actors is because of the recent shift to Industry 4.0. This has caused many manufacturing companies to become increasingly digitalised, incorporating automation and internet of things (IoT) technology to increase efficiency. Whilst this might have brought a significant improvement in productivity, it comes with some risk. More technology – particularly interconnected technology – exposes new vulnerabilities, making it easier for hackers to attack.
Cyberattacks on the manufacturing sector not only expose intellectual property and cause disruption on a particular production line, but it can also have much broader implications for the wider supply chain. These days, to manufacture any product requires multiple companies, often operating across different countries. An attack on one not only disrupts the supply chain it operates in as one part of the overall production is halted, but there is also a risk that malware can spread beyond the original target if any networks or systems are shared.
Examples of cybercrime in manufacturing
An example of this is US semiconductor manufacturer, Applied Materials. In February 2023, it announced that it would face a loss of USD 250m in earnings in Q2 that year as a result of delayed shipments due to a supplier facing disruption in production through a cyber attack.
How should manufacturing companies protect themselves?
Because of the rapid innovation within the manufacturing sector, it’s crucial that organisations are aware of the potential vulnerabilities that new technology brings and find ways to monitor potential threats. As always, ensuring that software updates are made as soon as possible to ensure security patches are installed is crucial. And because social engineering is one of the top threat patterns, making staff aware of their role in maintaining cybersecurity is essential.