According to Shahryar Shaghaghi, Head of International BDO Cybersecurity, “All it takes is one weak link in the security chain for hackers to access and corrupt a product feature, an entire supply chain or a critical piece of infrastructure. The stakes are too high in the manufacturing industry for complacency or inattention. Security can no longer be considered an add-on to products and processes.”
Top 20 Risk Factors Facing Manufacturers
Cybersecurity isn’t just something we want to push on manufacturers. It’s something manufacturers are inherently concerned about themselves. Look at the table below for more insight.
In 2017, adherence to federal, state and local regulations was the second-highest risk factor out of the top 20 cited by manufacturers. This includes cybersecurity regulations such as DFARS, a federally mandated regulation affecting manufacturers who engage in military contract work.
Priority Number — Risk Factor
1 — Supplier, vendor or distributor disruption
2 — Federal, state and local regulations
3 — Labor costs, retention and outsourcing
4 — General economic conditions, including disruptions in the financial markets
5 — Competition and pricing pressure
6 — Environmental regulations and liability
7 — Cybersecurity breaches
8 — Threats to international operations
9 — Failure to execute growth or efficiency strategy
10 — Foreign currency exposure
11 — M&A, joint ventures and partnerships
12 — Operational infrastructure, including information systems and technology
13 — Less demand for products or services
14 — Commodity, component and raw material costs and availability
15 — Natural disasters, terrorism and geopolitical events
16 — Access to capital, financing and liquidity
17 — International trade policies
18 — Innovation and meeting consumer needs/preferences
19 — Litigation and legal proceedings
20 — Product contamination and recalls
Note: Risk factor stated in 2017 SEC filing by U.S. manufacturers
The 7th highest concern out of the top 20 risk factors was the threat of a cybersecurity breach. So, not only is cybersecurity something manufacturers are concerned about, but it’s also required by federal law in many cases. For a more in-depth analysis of these two risk factors, see BDO’s full report.
Unique Cybersecurity Challenges Facing Manufacturers
Manufacturers have their own unique challenges in terms of cybersecurity. They have SCADA systems, CNC machines plugged into the internal network, and control systems that run machinery and are also on the network. Other industries are mainly concerned with protecting workstations, servers, and network equipment. In manufacturing, a whole range of other devices now needs to be in scope for security assessments.
Then there’s the threat to intellectual property. The FBI estimates that $400 billion worth of IP leaves the U.S. each year.
Even if a manufacturer doesn’t store medical data (HIPAA) or credit card data (PCI), the cost of downtime alone should be a reason to take a hard look at cybersecurity, particularly having a current, tested incident response plan in place.