Posted on Jan 21, 2019

Security has always been a vital issue for manufacturing firms, but the threat of cyber attacks requires ever more sophisticated preventative measures.

If your firm hasn’t stepped up its game, it’s vulnerable to all sorts of predators. That could leave it open to financial losses, production delays and, in a worst-case scenario, failure.

Threats from Synergies

Technological advances, including the Internet of Things (IoT), continue to dominate the manufacturing sector. To increase the benefits of technology, manufacturers typically unify operations and business processes in some manner. A logical approach is to coordinate information technology (IT) functions that control the business with operational manufacturing technology.

The synergies of this approach are obvious, but security risks are increased. With systems being connected through the IoT, new entrance points have opened up to cyber criminals. And this has led to a corresponding rise in the number and severity of cyber attacks.

For instance, an industrial IoT environment may feature sensors at various locations at a manufacturing plant. Although they provide a valuable stream of business and operating data, the sensors are gateways to critical infrastructure and processes. Sophisticated hackers can now enter a system, seize data, cause malfunctions or otherwise use the information for their own purposes.

Countering the Attacks

How can you best protect your firm from cyber attacks at this defining moment in time? Here are four practical suggestions.

1. Employ best practices.

Increasingly, cyber attacks are being conducted on a geopolitical level, involving foreign nationalists and governments that have massive resources at their disposal. This spans many industries and triggers protocols on a national level.

For U.S. manufacturing firms, the groundwork for current best practices was laid in 2013 when the National Institute of Standards and Technology (NIST) was directed to develop the framework for an authoritative source. According to a 2016 study, 70% of organizations view the NIST Cybersecurity Framework as the most popular best practice for IT. Other countries have followed suit by adopting similar standards or are actively working on their own versions.

These national standards create a methodology for addressing cybersecurity issues. They focus on common-sense risk analysis, risk tolerance assessment and risk avoidance. Other industry standards outside of government direction can provide protection. Notably, IEC 62443 is a robust standard for industrial automation technology that can safeguard operations across multiple layers.

Nevertheless, cyber threats change daily, so these standards are constantly being updated. It is essential to keep close track of new protocols and standards signifying best practices.

2. Study the financial aspects.

Virtually every manufacturer recognizes the risks of cyber attacks in the current environment. But firm management needs to assess these problems in terms business owners can truly understand: dollars and cents.

Simply put, it’s time to shift the conversation from the fears of a cyber attack to protecting the bottom line. Data breaches cost manufacturers billions each year worldwide, not to mention the damage to reputations. Also, insurers may limit how much coverage can be acquired for cyber attack protection. In some parts of the world, insurance premiums are based on responses to questions about how the firm is adhering to cybersecurity best practices.

By its very nature, cybersecurity is expensive. But managers must invest enough to protect overall interests or risk losing the company entirely.

3. Perform risk management.

Once business leaders buy into the premise that better cybersecurity is worth the investment, they can move to protect their interests. This means determining the size of the gap that needs to be closed.

For starters, ascertain the value of manufacturing processes and company assets to the company. This involves a calculation of the size of the security risk. For example, if the plant were forced off-line for a week due to a cyber attack, what would the dollar loss be?

Each firm is different, so you must figure out how to integrate security risk management functions into the infrastructure. These functions can take the form of risk avoidance, mitigation, acceptance or transference. Then you can address the gaps specific to your operation and plant.

Also, remember that people are the first line of defense. Security must be incorporated into everything from personnel screening to employee training. Every employee must take ownership of their own security, adhere to industry standards and follow vendor documentation for system configuration. Finally, develop a corporate culture that emphasizes security.

4. Continue to adjust.

This isn’t a “get it and forget it” proposition. Your cybersecurity plan should be a living, breathing document that is analyzed on a regular basis and updated when necessary. Programming elements, such as threat monitoring and bug patching, must be ongoing. Cybersecurity risk management isn’t a single event; it’s a long play.

In the past, you may have said, “If it ain’t broke, don’t fix it.” But that doesn’t work anymore. The safety of your business, and ultimately its future profitability, depends on your plan.

Emphasize the suggestions outlined above and keep up with evolving industry standards. Don’t wait for a catastrophe to strike before you adopt sufficient protective methods. If you need assistance in implementing these objectives, consult your business advisors.

How Bad is the Problem?

The statistics don’t lie. About half of the country’s manufacturers have been hit by a cyber attack.

According to a 2018 report from the UK manufacturers’ organization EEF, 48% of UK manufacturers surveyed have suffered cyber attacks, with half of those victims sustaining financial or other business losses. Managed security services firm NTT Security, in its 2018 Global Threat Intelligence Report, identified manufacturing as the fourth-most targeted industry, trailing only finance, technology, and business and professional services.

As attacks have risen, so have the damages. According to a report from the nonprofit consortium Alliance for Manufacturing Foresight, about 400 manufacturers were attacked every single day in 2016, resulting in more than $3 billion in losses.

Posted on Jul 19, 2016


Our world is more interconnected than ever before. The Internet has become an integral part of everyone’s business and personal lives. But along with Web-based opportunities come risks of breaches and associated losses. The U.S. Department of Homeland Security has launched a series of education seminars this October as part of National Cybersecurity Awareness Month. The goals are to raise awareness about cybersecurity and to increase the U.S. resiliency against the threat of a cyber incident. Here, we reveal findings from two recent studies that underscore the importance of protecting your business against data breaches.

Sobering Statistics

The second-quarter 2015 Duke University / CFO Magazine Global Business Outlook survey revealed that approximately four out of five U.S. companies had experienced at least one serious outside hacking attempt to steal, make public or change important data in the last year. Breach rates were even higher among European companies (92%) and those with fewer than 1,000 employees (85%). In the third-quarter 2015 Global Business Outlook survey, data security once again made the list of top 10 CFO concerns.

A recent claims study by NetDiligence, a cyber risk assessment and data breach services provider for the insurance industry, reports that the average cost of a cyber breach in 2015 was nearly $674,000. But the NetDiligence dataset includes some claims that haven’t yet been paid, and it estimates that the average cost could rise to $1.1 million, assuming self-insured retentions are met.

Most of these claims involved losses of records containing personally identifiable information (45%), followed by payment card information (27%) and personal health care information (14%). Nearly a third of the incidents involved hackers. The health care and financial services industries accounted for the most claims (21% and 17%, respectively). But the largest claim overall occurred in the retail industry.

Preventive Measures

What steps has your company taken to minimize data breach risks? The first step in any cybersecurity plan is identifying your “crown jewels,” the data that’s most valuable to your organization. Depending on your industry, that might be trade secrets, financial data or customer data, for example. Focus most of your attention on making these assets more secure. Doing so requires an understanding of who has access to your most valuable intellectual property assets, including employees and third-party vendors.

Protecting against cyber threats is an ongoing chore that requires buy-in from everyone in your organization. The most common data security technique reported by CFOs in the Global Business Outlook survey was installing new software (64% of respondents). In addition, approximately one-third of respondents plan to train employees about breach prevention, install updated IT hardware or hire a data security firm to review their protocols.

Other ways to beef up your company’s cybersecurity measures include:

  • Installing the latest software, hardware or application updates on every device as soon as they’re released by the manufacturer. Doing so can help thwart hackers who troll for patches and updates to exploit the latest system vulnerabilities. Nimble hackers can then use these vulnerabilities to steal data before businesses have a chance to install the fix.
  • Limiting the number of devices connected to the Internet and minimizing off-site risks. For example, consider limiting which employees can work from home. It’s also important to educate employees about the risks of cyber breaches and to install encryption software on devices that link to external networks. Employees who take devices out of the office expose your company’s data to less-than-secure home networks and public hotspots that provide wireless Internet access.
  • Fortifying your defenses against losses from breaches with cyber liability insurance. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident. Cyber liability insurance can cover a variety of risks, depending on the scope of the policy. It typically protects against liability or losses that come from unauthorized access to your company’s electronic data and software.

Instead of purchasing a standalone cyber liability policy, you can add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the endorsement isn’t as extensive as the coverage in a standalone policy.

Business owners and managers should carefully read their policies to understand what types of incidents are specifically excluded from coverage. And, remember, no type of cyber liability insurance is a suitable replacement for sound cybersecurity policies and procedures. Other well-resourced preventive measures can also reduce your premiums for cyber insurance.

Year-End Planning

National Cybersecurity Awareness Month is a perfect time to launch an educational program for your employees about these risks and preventive measures. If you’re unsure where to start, forensic accountants are familiar with ways to identify and reduce costly cyber breach risks. Giving some extra attention to cybersecurity before year end will help your business start off 2016 on the right foot.