Why manufacturers are top targets for cyber criminals

Manufacturers are being targeted like never before 

According to Verizon’s 2023 Data Breach Investigations Report, manufacturing saw the fourth-largest number of cyber incidents, behind the public administration, information and finance industries.²

In the same year, we saw huge global companies such as Clorox temporarily cease production and have many of its automated systems taken offline due to a large-scale cyber breach, disrupting entire supply chains and costing the company $356 million USD due to a 20% decline in sales.³

What weaknesses are cybercriminals exploiting?

An estimated 29 billion devices will be connected within the manufacturing industry by 2030.⁴ With increased connectivity comes a broader attack surface, as each interconnected device becomes a potential entry point for hackers.

Manufacturing processes rely heavily on these interconnected systems, making them susceptible to disruption if compromised. Vast amounts of data generated by these devices, including sensitive production information and intellectual property, provide lucrative targets for cybercriminals seeking to steal or sabotage.

Legacy software is vulnerable, while new software can be easily exploited

Many manufacturing firms rely on specialised software that may only be available through legacy access. Legacy software often lacks regular updates and security patches, leaving it more susceptible to known vulnerabilities that hackers can exploit. On the other hand, newer software may have vulnerabilities that are yet to be discovered or adequately addressed by developers.

The interconnected nature of manufacturing systems means that even if newer software is secure, it can still be compromised through vulnerabilities in other connected components or by exploiting human error.

Manufacturers pay ransoms more than other industries

Due to the critical nature of their operations and the high financial stakes involved, disruption to production lines can result in significant financial losses, making the option of paying ransomware ransoms to quickly restore operations more appealing than suffering through a cyber breach process.

Manufacturers often have complex supply chains, and any delay in fulfilling orders can lead to contractual penalties or damage to their reputation. These pressures may lead manufacturers to prioritise swift resolution over the long-term implications of incentivising cybercriminals through ransom payments.

Lack of cyber security training, human error and remote working

Employees can be ill-equipped to recognise and mitigate cyber threats. Human error, exacerbated by this lack of training, becomes a significant vulnerability, as employees may inadvertently click on phishing emails or fall prey to social engineering tactics.

The shift towards remote working further complicates matters, as employees may access sensitive systems and data from less secure home networks or devices, increasing the likelihood of exploitation by cybercriminals.

Why a cyber attack can be so devastating for manufacturing businesses

• Losses can be substantial. The average annual cost of a cyber breach in the UK is £15,300 per victim, which can soon add up if multiple victims or devices are affected.⁵
• Downtime is lost money and the pressure of unfulfilled orders and contracts can be devastating.
• Breaches of client data can lead to severe damage to your business’ reputation, especially if it is picked up by the press.
• Your business may not recover from the combined effects of the above.

NFP are a cyber insurance partner you can trust

Cyber insurance provides coverage for expenses related to incident response, recovery, legal fees, and potential liabilities, offering financial protection against the ever-evolving landscape of cyber threats.

Our team of cyber insurance specialists are here to manage your risks and claims pro-actively and use their vast experience to find the best cyber insurance solutions for your business.