Cyber risk in advanced manufacturing: Be Secure.Vigilant.Resilient.™

By Trina Huelsman

I recently coauthored a Cyber risk in advanced manufacturing1 study with the Manufacturers Association for Innovation and Productivity (MAPI) and my colleagues Sean Peasley, Partner, Cyber Risk leader for Consumer and Industrial Products, and Ryan Robinson, Director, Industrial Products and Services Research Leader, Deloitte’s Center for Industry Insights. We collaborated with MAPI and Forbes Insights to study the current state of cyber risk in advanced manufacturing, anticipate emerging risks associated with new technologies, and identify leading practices manufacturers can adopt to face these risks head-on and become more secure, vigilant and resilient. To inform the insights we conducted 35 live interviews, held an innovation lab, and in collaboration with Forbes Insights, collected 225 survey responses.

We aspired to go beyond the survey data for the study. For each of the six key themes represented below, we pulled together a playbook section including key lessons learned and actions being taken to address these emerging risks through discussions with clients and Deloitte professionals in these areas.A number of interesting findings arose in the study that are summarized below. To download the full report, executive summary and infographic, click here: Cyber risk in advanced manufacturing.

Executive and board engagement
The manufacturing industry is vulnerable. Nearly 50 percent of executives surveyed indicate they lack confidence their company’s assets are protected from external threats. Additionally, 48 percent of cyber risk executives surveyed believe while senior management is committed to improving the company’s cyber-risk profile, obtaining adequate funding to support key cyber initiatives such as risk assessment, data protection, cyber threat monitoring, incident response planning, and employee awareness remains a significant challenge.

Traditional board reporting covers enterprise networks and business systems, but doesn’t often expand into broader areas of cyber risk related to innovation, industrial control systems and connected products. Only when the board and C-Suite clearly understand the company’s true cyber risk profile can they appropriately prioritize resource allocation in alignment with their risk tolerance.

Source: Cyber risk in advanced manufacturing, Deloitte and MAPI

Talent and human capital
Cyber risk is everyone’s responsibility too…the IT department can’t do it alone. Executives indicate that employees may be the weakest link in their cyber risk programs as they may not be aware of the cyber threats their companies face on a daily basis. That means every employee needs to understand the role they play, from the shop floor, to the R&D team, to the C-suite to adopt a culture that is proactive about managing cyber risks. This takes dedicated resources, training, and the right technologies to address new security risks before an attack.

Intellectual property
Intellectual property is consistently ranked by as executives as a top cyber risk concern too. It can constitute up to 80 percent of a company’s value.2 In fact, 35 percent of executives believe that theft of intellectual property was the primary motive of their most recent cyber-attack. In addition, significant and increasing concern exists around more sophisticated state-sponsored attacks on IP. Preventive and detective data protection strategies can help a company to secure their data from the inside out…and capture the value of their investments in intellectual property.

Source: Cyber risk in advanced manufacturing, Deloitte and MAPI

Industrial control systems
Shop floors are increasingly vulnerable. Industrial Control Systems operate highly automated manufacturing processes where employee safety, environmental protection, and operational efficiency are of paramount importance. Yet – 50 percent of surveyed companies indicate they perform vulnerability testing for industrial control systems less than once a month and 31 percent have never done an assessment. By implementing technologies to provide automated 24×7 cyber threat monitoring, manufacturers can become more vigilant in protecting critical manufacturing operations.

Connected products
IoT technologies are driving an exponential increase in connected products and associated cyber risks. Yet, 37 percent of companies surveyed do not include connected products in cyber incident response plans. Planning ahead before a breach occurs – so the entire organization is prepared to respond and quickly neutralize threats –can help companies become more resilient.

Industrial ecosystem
Today’s evolving business environment is subject to increasing digital expectations from clients and customers, and new cybersecurity requirements being put on suppliers. Many manufacturers are just beginning to assess cyber risks related to key third parties in their innovation network, subcontractors, supply chain, and other critical business partners. Manufacturers should define requirements for third-party risk management up front in key contracts, and increase monitoring and assurance activity over third parties to reduce cyber risk.

Cyber risk and innovation are inextricably linked. In the race to compete on a global scale, manufacturers cannot afford to slow innovation simply because it cannot be perfectly secured, but neither can they innovate without appropriate regard for the inherent risks being created. To succeed, senior executives should build in security from technology ideation through retirement through a cyber risk program to become secure, vigilant, and resilient.

To get a more in-depth look of the findings, be sure to visit where you can download the full report, executive summary and infographic. And, be on the lookout for an upcoming series of blog posts on the key themes identified in our study.

Join the conversation on @DeloitteMFG and @MAPI_Mfg_Info. #cybersecurity #MFG

1Deloitte and MAPI, Cyber risk in advanced manufacturing, 2016.
2Ocean Tomo, “2015 annual study of intangible asset market value,” March 5, 2015,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s