Manufacturing is home to a number of fundamental areas of expertise that are, in many cases, as old as the industry itself: process engineering, robotics, supply chain management and quality control, among others. Yet one competency that has quickly become as critical to organizational operations as any other is a relatively new, and largely foreign, field to most manufacturing professionals: cybersecurity.
Cyber threats aren’t a new problem, but they are a modern challenge that many industries – none more so than manufacturing – have struggled to stay ahead of in recent times. Even for organizations that recognize a cybersecurity deficiency or inadequacy, next steps aren’t always obvious. And amid the current wholesale cybersecurity talent shortage, companies face an uphill battle simply hiring the number and quality of specialists needed to address their most basic needs.
Manufacturing companies don’t know what they don’t know. Just as you wouldn’t ask your mailman to do your taxes, a mechanical engineer can’t be expected to build and manage a cybersecurity infrastructure. Nor are manufacturing leadership and human resources personnel ideally suited for hiring cybersecurity talent – even if demand didn’t currently outpace the talent supply. Given all these shortfalls, what are manufacturing organizations to do about filling the cybersecurity gap?
Why Is Manufacturing at Higher Risk?
The global cybersecurity workforce continues to expand – up to 12.6 percent between 2022 and 2023 – but as of a year ago, the labor force was calculated to be in a deficit of four million workers across industries, according to the World Economic Forum. That shortfall has grown steadily, and it is felt most sharply in the manufacturing industry, which, as recently as 2023, experienced more than a quarter of all cyberattacks across industries – easily the largest share of any industry.
What’s more, those attacks are not only more frequent but more costly: Although overall costs of cybersecurity breaches fell in 2024, the average damage from an event leapt from $4.73 million to $5.56 million – an increase of 17.5 percent (the highest of any industry). What are the issues driving these differences? Manufacturing faces some industry-specific and entrenched challenges that have been exacerbated by the cybersecurity talent shortage:
- Legacy systems. Most older operating systems lack modern cybersecurity capabilities, making them a major risk to companies still using them. (Some companies can still be found using Microsoft to run their whole operation.) But whether they are unaware of the threat, underestimate it or believe they are unable to afford the cost of an update, organizations that continue to rely on legacy systems attract cyberthreats and too often learn that the cost of modernization is far more affordable than the alternative: a breach.
- Interconnected supply chains. Every manufacturer works with a network of suppliers who make up a business-critical interconnected supply chain – but that network also represents multiple entry points for cyberattacks and, as a result, is one of the greatest cybersecurity risks for any company. Even if an organization’s cybersecurity is on point, it may share whatever risk a supplier’s operation faces due to their connectivity.
- Intellectual property theft. Because the value manufacturers create often comes from proprietary methods, processes or designs, intellectual property is a massive cybersecurity concern in the industry.
- Production downtime. Manufacturers who rely heavily on automated production lines are especially vulnerable to ransomware attacks. A breach can result in missed deadlines, supply chain disruptions and significant financial losses due to production downtime – an annual cost of billions across the industry.
The Response
If all this makes it sound as though there’s a cyber boogeyman around every virtual corner, well … I regret to inform you that this is more or less the case. Manufacturers are inherently more vulnerable than the average business to malware, phishing, social engineering and other cyberattacks, and the potential costs of a breach typically cut those in the industry deeper.
With the cybersecurity talent shortage seemingly making it impossible for an organization to hire its way out of the problem, what can be done? In the same way outside providers are often employed to handle everything from information technology to janitorial services, a managed security service provider (MSSP) can be engaged to assess risk, make related recommendations on everything from hardware to employee protocols, and provide levels of service based on a manufacturer’s needs.
Certified MSSPs not only possess the specialized knowledge and tools to implement required security controls, but they have also undergone rigorous assessments to demonstrate their ability to serve manufacturers as a trusted partner in compliance.
Cyberattack threats are growing more sophisticated, potent and financially damaging for manufacturers, and cybersecurity regulations are becoming stricter at a time when hiring qualified cybersecurity personnel has never been more difficult. This makes access to curated protection and compliance assurance programs, which can bring an organization’s cybersecurity up to appropriate standards quickly while adjusting to its needs over time, vital to ongoing success.