The manufacturing sector is under attack – from cyber criminals. According to a report from Armis, the manufacturing industry experienced a 165% increase in cyberattack attempts in 2023. Along with educational services, manufacturing was the most targeted industry. A cyberattack is often devastating, but there are ways to mitigate cyber risks in manufacturing.

Millions of Dollars Are at Stake

A ransomware or other cyberattack may shut down operations, often resulting in losses of millions of dollars. This is on top of the data loss and reputational damage that may occur.

According to The Record, there have been multiple high-cost attacks in the manufacturing sector. For example, Applied Materials reported that a ransomware attack on one of its suppliers was going to cost $250 million in the following quarter.

In the manufacturing sector, some attacks even cause physical damage. Dark Reading says at least 68 cyberattacks had physical consequences on operational technology networks at more than 500 sites in 2023. Some of these attacks caused $10 million to $100 million in damages.

All Internet-Connected Devices Need to Be Secure

Whereas people often focus on computers when improving cybersecurity, smart devices (including internet-enabled manufacturing equipment) also provide an entry point for cyberattacks. Armis found that hackers often exploited vulnerabilities in manufacturing equipment.

Are you:

• Using strong passwords (not default passwords) and two-factor authentication?
• Changing passwords regularly and whenever employees who had access leave the company?
• Implementing the principle of least privilege, network segmentation, and other protocols that prioritize security?
• Using firewalls and anti-virus protection?
• Applying updates and security patches as soon as they become available?
• Receiving regular assessments from a cybersecurity expert to look for potential vulnerabilities?

Vendors and Suppliers Also Need Good Cybersecurity

An attack on one of your vendors or suppliers could damage your company. For example, an attack on a vendor could expose your data, which would subject your company to data breach notification requirements and harm your reputation. An attack on a vendor or supplier could force your operations to pause, which would result in major losses.

• Are you assessing the cybersecurity of vendors before entering into agreements?
• Do your contracts outline liability concerns and require insurance coverage and regular cybersecurity assessments?
• Have you diversified your supply chain to have backup options if one supplier becomes unavailable due to a cyberattack?

Human Workers Are Often the Weakest Link

Many cyberattacks involve social engineering. In some cases, social engineering may be a way to access systems to carry out the real attack. For example, a scammer may target one of your employees with a phishing email to trick the employee into clicking a malicious link that then infects the system with ransomware.

Other times, the entire ploy is based on social engineering. For example, business email compromise scams involve an imposter posing as a company leader, vendor, or other legitimate contact to trick the recipient into making a wire transfer or carrying out some other act. Since the rise of generative AI and deepfake technology has made it easier than ever for scammers to carry out convincing impersonations, extra diligence is necessary. Do you:

• Train workers on how to spot phishing attempts and business email compromise scams?
• Periodically test workers with fake phishing messages?
• Flag emails that come from outside your company?
• Have procedures in place to verify sensitive requests, such as requests to authorize wire transfers, change vendor or supplier bank account information, update bank accounts for employee paychecks, or change shipment addresses?

Do You Have a Cyber Incident Response Plan?

If a cyberattack occurs, your level of preparation will determine how severe the consequences are. For example, IBM says the global average cost of a data breach was $4.45 million in 2023, but organizations that use security AI and automation extensively saved $1.76 million. Your level of security will also impact the time it takes you to recover. According to Cignet, the average ransomware attack causes disruption for 21 days, but large companies that are unprepared may be down for months.

• Do employees know how to report cyber incidents or potential incidents?
• Do you have backups of important files stored in the cloud or on a device not connected to your computer network?
• What resources will support your efforts to identify and contain a cyberattack?
• What data breach notification laws are applicable, and how will you ensure you are compliant?
• What are the priorities during a cyberattack? For example, if your company has volatile materials that need to stay cool, ensuring these materials remain stable during a disruption will be the priority. Materials that could go bad (such as food ingredients) may also be a priority.
• Do you have adequate cyber insurance? Cyber insurance helps businesses launch a response and covers the costs associated with a cyberattack.

Founded in 1961, Wilson, Washburn & Forster recently joined Alera Group, the nation’s 14th largest independent insurance agency. As part of this national firm, we can provide our clients with even more resources and technical expertise while maintaining the local service, claims handling, and community commitment Florida businesses expect.

Contact us today at 786-454-8384 for a complimentary analysis of your insurance and risk management program by an insurance specialist in this field.