The manufacturing industry is taking a beating when it comes to cyberattacks.
The industry has been the biggest target for cyberattacks three years in a row, accounting for more than 25% of incidents, according to IBM’s 2024 X-Force Threat Intelligence Report.
Manufacturers were targeted in 70% of ransomware attacks in 2023, leading to millions of dollars in losses. Moreover, the costs of these attacks are have risen by an average of 125% per year and are projected to reach a global impact of $10 trillion by 2025, according to the World Economic Forum.
Why are manufacturers coming under such cyber fire?
Because of high-value payoffs, said Shankar Somasundaram, founder and CEO of Asimily, a connected device security firm.
“Manufacturers are sitting on valuable intellectual property, proprietary designs and critical operational data,” Somasundaram said. “Their role in supply chains and the broader economy means operational disruptions can create widespread impacts — giving attackers significant leverage in ransomware scenarios.”
For instance, in September 2023, manufacturer Johnson Controls lost over $27 million through a ransomware attack when a hacker group stole highly sensitive information.
“Once attackers started seeing big payoffs from ransomware attacks, they realized it was a gold mine. As soon as a few cyber criminals had success, more jumped on board,” said David Chaddock, managing director in West Monroe’s cybersecurity practice.
Cybercriminals determined that if they can disrupt a manufacturer’s production line, they can cause significant financial damage. “It’s similar to attacking a hospital — if you target something critical, people are more likely to pay a ransom to get things back up and running quickly,” Chaddock said.
“For manufacturers, downtime means lost revenue, and when you’re producing millions of units a day, even a short disruption can have a huge impact,” he added. “More often than not, companies will pay the ransom because the cost of doing so is still less than the revenue they’d lose from an extended shutdown.”
Increased digitalization with no security improvements
One of the biggest reasons manufacturers are so vulnerable to cyberattacks is their “heavy reliance on industrial control systems and OT equipment, much of which were designed decades ago without built-in security features,” Somasundaram said. “These legacy systems often can't be easily patched or updated without risking operational disruption, leaving known vulnerabilities unaddressed for extended periods.”
At the same time, “the increasing digitalization of manufacturers’ operations through Industrial [Internet of Things] devices and internet-connected sensors is creating a vastly expanded attack surface with tens or hundreds of thousands of connected devices, each potentially serving as an entry point for attackers,” Somasundaram added.
In other words, the older, vulnerable systems aren’t secure, while more recent, digitized systems can be exposed to new cyber threats.
“When combined with the industry’s requirement for continuous operations and the high cost of downtime, security teams often face difficult choices between maintaining production and implementing necessary security measures,” he added.
This means, if the company decides to integrate new cybersecurity, it may have to slow down or halt production to overhaul the systems. For some, this tradeoff may be too unfeasible, pushing them to forgo tighter cybersecurity in favor of production continuity.
“When combined with the industry’s requirement for continuous operations and the high cost of downtime, security teams often face difficult choices between maintaining production and implementing necessary security measures.”
Shankar Somasundaram
Founder and CEO, Asimily
Implementing new technology with no training
Cyber threats are further amplified as “the rush to implement these technologies for operational efficiency has frequently outpaced security considerations,” Somasundaram said.
“A lot of them are implementing technology without proper understanding or training,” said Keatron Evans, VP of portfolio product and AI strategy at Infosec, an organization providing cybersecurity training and certifications. For instance, many manufacturers have rapidly adopted cloud technologies without a complete understanding of cloud computing and cloud security, he said.
This is worsened by the ongoing labor crunch in the manufacturing industry. Many companies are forcing staff to take on additional tech operational and cybersecurity responsibilities due to a shortage of those with specialized skills, Evans added.
Labor is a key piece in the cybersecurity puzzle, as 95% of breaches result from human error, according to the World Economic Forum. That’s why one of the strongest cybersecurity recommendations is to control the human factor through adequate training and implement stringent protocols for who can access sensitive data.
Securing third-party vendors
Manufacturing companies are typically heavily reliant on third-party vendors and interconnected global supply chains, making them more reliant on others’ cyber infrastructure.
“When these operations are so deeply intertwined, a manufacturing firm could have the most airtight security posture and still be somewhat at the mercy of their partners’ security processes — into which they have no visibility,” said Justin Shattuck, chief information security officer at cybersecurity risk management firm Resilience.
The company’s Midyear 2024 Cyber Risk Report found that hackers have been increasingly exploiting third-party risk. According to the report, 35% percent of claims originated in a vendor failure in 2023.
“As relative laggards to digital transformation, manufacturers still tend to think about cybersecurity in an outdated way: have we been hacked, or are we safe? But the question needs to be far less black-and-white,” Shattuck said.
He encourages manufacturers to instead consider their level of risk based on typical attack patterns in the industry, how limited operations would be after a cyberattack, what tools they need to restore operations and the span of their cyber insurance policy coverage.
“By beginning to ask these questions, thoughtfully and on a regular basis — and then making changes accordingly — manufacturers can go forth knowing that even if they’re hit, they would still be able to maintain business continuity and avoid major financial loss,” Shattuck said.
