Despite the fact that manufacturing remains a top sector when it comes to targeted cyberattacks, manufacturers haven’t focused on cybersecurity as a key aspect of their businesses. This is likely due to the fact that manufacturers don’t know how at risk they are, much less where they can begin to address their company’s particular cyber vulnerabilities.
Here are some alarming statistics related to cybercrime, which we’ve compiled with the aim of raising awareness of this threat among small manufacturers, as well as some direction for companies that want to begin to address this issue.
Why Cybercrime Protection Is So Important
As the world becomes more reliant on networked technology, cybercrime will rise and, correspondingly, the need for cybercrime protection will increase. Per industry expert Cybersecurity Ventures, $6 trillion in damages due to cyberattacks will be incurred by 2021.
Specific to the business world, Cybersecurity Ventures projects that a business will fall victim to a ransomware attack every 14 seconds by 2019.
But how do these statistics really pertain to manufacturers? While manufacturing isn’t quite as hard hit as the financial or healthcare sectors (depending on which report you read), it’s still significantly at risk according to many industry-specific reports:
- The manufacturing sector is the third most vulnerable to cyberattacks. (IBM X-Force Threat Intelligence Index of 2017)
- More than 25% of manufacturers responding to a 2017 survey said they had a cybersecurity incident in the last six months (Sikich)
- 86% of cyberattacks in the manufacturing sector are targeted (Verizon)
Moreover, most manufacturing business in the United States are small businesses. When you consider the manufacturing-specific statistics outlined above alongside the cybercrime data for the small-business segment of the economy, the risk starts to seem more and more genuine.
According to the National Association of Manufacturers (NAM), there were 251,774 manufacturers in the United States as of 2015. Ninety-eight percent of them had fewer than 500 employees, meaning that they qualify as small businesses.
Here are some relevant cybercrime statistics for the small business world, which includes the vast majority of manufactures:
- 58% of cyberattack breaches hit small businesses in 2017 (Verizon)
- On average, cyberattacks cost small businesses between $84,000 and $148,000 (UPS Capital)
How Are Manufacturers Approaching Cybercrime Protection?
Despite all signs pointing to the vulnerability of the manufacturing industry to cyberattacks, cybercrime protection isn’t enough of a priority for many manufacturing businesses.
Last year, the Ponemon Institute issued a study that reported on the state of cybersecurity among small and medium-sized businesses, which includes the vast majority of manufacturers (98% per the NAM statistics cited above).
While 61% of respondents said they had been subjected to a cyberattack in the last 12 months:
- 47% admitted to no understanding of how to protect against cyberattacks
- 41% do not comply with any IT security guidelines or standards
- Only 29% are at all confident in the security of IoT devices they use
While any business enterprise will involve a certain amount of risk, this level of risk doesn’t have to be so high — and can be reduced with a focused approach to cybercrime protection.
In the case of the manufacturing industry, the likely reasons manufacturers have not focused on this issue are 1) lack of awareness and 2) emerging cybersecurity standards that only recently became requirements for doing business in the automotive, aerospace, and defense industries.
Both of these issues are being addressed, however, as more and more manufacturers become cognizant of the risk and industry leaders step up to develop standards and enforce compliance.
With respect to the latter point, the following industry standards have come into play in just the last year or two:
- Defense Federal Acquisition Regulation Supplement (DFARS) standard required for all contractors involved in the Department of Defense supply chain.
- Automotive Industry Action Group (AIAG) Cyber Security 3rd Party Information Security requirements for automotive suppliers.
- National Institute of Standards and Technology’s NIST SP 800-171, which is closely aligned with both of the above standards.
With these standards in place, more and more manufacturers have a need — and some coherent guidelines — to start instituting practices that will provide them with cybercrime protection and reduce the associated risk to their businesses.
Taking Action to Institute Cybercrime Protection
With over 15 years of connected manufacturing experience and first-hand knowledge of the various points of infiltration cybercriminals use to invade manufacturing facilities both in the office and on the shop floor, TechSolve can help manufacturers of any size institute effective cybercrime protection programs.
To assess your risk and protect your company from cybercrime, request a consultation with a TechSolve cybersecurity expert today.