Four in every five (80%) manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cyber security, according to a global study by Omdia.
In partnership with Telstra International, Omdia surveyed from August through November 2024 513 senior security decision-makers at mid- and large-sized firms across manufacturing in the United States, Mexico, the United Kingdom, Germany, France, Italy, China, Japan, South Korea, India, Taiwan, Singapore, and Australia.
Findings show that the heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation – a process defined as Industry 4.0.
While the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, it also increases the attack surface for cyber threats. Critical industries are increasingly lucrative targets for cyber exploitation including ransomware.
Manufacturers affected by a cyber attack reported a resilience or availability issue that cost individual firms between US$200,000 and $2 million, taking the biggest hit when incidents affected enterprise and corporate systems or production control.
Geraldine Kor, head of Telstra International’s global enterprise business team, said greater connectivity between IT and OT is needed to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.
Kor said the study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction.
“This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems,” said Kor. “It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges.”
Ganesh Narayanan, global head of Telstra International’s cyber security team, said that the manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats.
However, this approach is no longer sustainable with increasing IT-OT convergence, which expands the threat surface significantly.
“Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT,” said Adam Etherington, senior principal analyst at Omdia.
Etherington said that more pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.
“However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace,” said Etherington. “Given the magnitude of downtime costs from any breach or network incident that impacted operations, it’s important to better understand the causes for proactive remediation.”
