- More thanhalf (51%) have either experienced a cybersecurity incident or are not evensure if they have had a cybersecurity incident; and
- Nearly threein five (59%) have delayed the progress of digital transformation projects dueto the fear of cyberattacks
SINGAPORE - Media OutReach - April 3, 2019 - A Frost & Sullivan study commissioned by Microsoft foundthat a cyberattack can cost a large manufacturing organization in Asia Pacifican average of US$10.7 million in economic loss with customer churn beingthe largest economic consequence of a cyber breach, resulting in US$8.1 millionof indirect cost. For mid-sized manufacturing organization,the average economic loss was US$38,000. Furthermore, cybersecurityincidents have also led to job losses across different functions in more thanthree out of five (63%) manufacturing organizations.
While the impact of datavulnerabilities and breaches can be costly and damaging to the manufacturing organizations, its supply chain and consumers, the study uncovered thathalf (51%) of the manufacturing organizations in Asia Pacific had eitherexperienced a security incident or were not sure if they had had a securityincident as they had not performed proper forensics or data breach assessment.
The study further revealed that instead of accelerating digitaltransformation to bolster their cybersecurity strategyto defend against future cyberattacks, almost three in five (59%) manufacturingorganizations across Asia Pacific had delayed the progress of digitaltransformation projects due to the fear of cyberattacks. Delaying digitaltransformation not only limits the capabilities of manufacturing organizationsto defend against increasingly sophisticated cyberthreats but also preventsthem from leveraging advanced technologies, such as artificial intelligence(AI), cloud, and the Internet of Things (IoT), to dramatically increaseproductivity, empower their workforce and deliver new service lines.
These findings are part of "Understandingthe Cybersecurity Threat Landscape in Asia Pacific: Securing the ModernEnterprise in a Digital World" study launched in May 2018. Thefindings aim to provide business and IT decision makers in the manufacturing sectorwith insights on the economic cost of cyberattacks and to help to identify anygaps in their cybersecurity strategies.
The initial study surveyed a total of 1,300 business and IT decisionmakers ranging from mid-sized organizations (250 to 499 employees) tolarge-sized organizations (>than 500 employees), of which 18% belong to the manufacturingindustry.
In calculating the cost of cyberattacks, Frost & Sullivan created aneconomic loss model based on the insights shared by the respondents. This modelfactors in two kinds of losses which could result from a cybersecurity breach:
- Direct: Financial losses associated witha cybersecurity incident including loss of productivity, fines, remediationcost, etc; and
- Indirect: The opportunity cost to theorganization such as customer churn due to reputational damage.
A breakdown of the average direct and indirecteconomic cost that a large manufacturing organization can incur due to acybersecurity incident.
"The frequency andseverity of cyberattacks targeting manufacturing organizations have increased significantlyin recent years, underscoring the need to protect the ever-growing volume ofdata generated by and made available to manufacturing organizations," said Kenny Yeo,Industry Principal, Cyber Security, Frost & Sullivan. "By integrating securityinto every digital process and physical devices, manufacturing organizationscan not only mitigate the loss of intellectual property (IP) and customer databut also minimize downtime as well as remediation cost resulting fromcyberattacks."
Key Cyberthreats and Gaps in ManufacturingOrganizations' Cybersecurity Approaches
For manufacturing organizations that have encountered a security incident, data exfiltration, ransomware and remote code execution are the biggest concern as these threats have the highest impact and often result in the slowest recovery time:
- Remote code execution is a unique threatthat manufacturing organizations face, and it poses a grave threat to thesecompanies as cybercriminals can remotely access and control their operations.This allows malicious actors to disrupt production and sabotage the business.
- As manufacturingorganizations need to adhere to tight schedules and strict deadlines, a ransomware attack -- wherecybercriminals encrypt files to restrict users' access until a ransom is paid --can lead to production downtime and loss of customer confidence. Manufacturingorganizations not only lose time and resources in dealing with the aftermath ofthe attack, but the entire supply chain will also be disrupted too.
Aside from externalthreats, the study also uncovered several key cybersecurity gaps inmanufacturing organizations:
- Complex security environment impeding recovery time: Contrary to the common notion that more security solutions will lead to greaterefficiency, a large portfolio of cybersecurity solutions may not be a good approachto bolster cybersecurity. The complexity of managing a large portfolio ofcybersecurity solutions may lead to longer recovery time from cyberattacks.
The study showed that nearly three in five (57%)manufacturing organizations with 26 to 50 cybersecurity solutions took morethan a day to recover from cyberattacks. Conversely, only 26% of organizationswith less than 10 solutions took more than a day to recover. In fact, 35% of themmanaged to recover from a security incident within an hour.
- Traditional tactical viewpoint towards cybersecurity: Despite the growing sophistication and impact of cyberattacks, thestudy revealed that majority of the respondents (41%) hold a tactical view of cybersecurity-- "only" to safeguard the organization against cyberattacks. While only one infive (19%) viewed cybersecurity as a business differentiator and an enabler fordigital transformation.
- Security as an afterthought: If cybersecurity is not seen as anenabler for digital transformation, it will undermine manufacturingorganizations' ability to build a "secure-by-design" digital project, leadingto increased vulnerabilities and risks.
The study revealed that only 26% of manufacturingorganizations who had encountered cyberthreats considered a cybersecuritystrategy prior to initiating a digital transformation project. The remainingrespondents either thought about cybersecurity only after the commencement of theirdigital transformation projects or did not think about cybersecurity at all.
"Technology advancesand innovations in intelligent manufacturing are delivering game-changingbreakthroughs for leading businesses in every sector," said Scott Hunter,Regional Business Lead, Manufacturing, Microsoft Asia. "As manufacturingorganizations focus on increasing data-driven products and services todifferentiate themselves in the global economy, building and maintaining trustwithin their ecosystem of partners and customers becomes an even biggerpriority."
"Cyber attackers areconstantly looking for opportunities, so the more businesses know about theirtechniques and tradecraft, the better prepared they will be to build defenses andrespond quickly. Building organizational resilience and reducing risk byadopting a security approach that includes prevention, detection and responsecan make a huge difference in the overall cybersecurity health of amanufacturing organization," he added.
Bolstering Cybersecurity UsingArtifical Intelligence
AI plays a criticalrole in manufacturing organizations as they increasingly rely on machinelearning automation to increase their efficiency and output by scale whilereducing cost and downtime through predictive maintenance. AI is also apowerful tool that can enable manufacturing organizations to defend themselvesagainst increasingly sophisticated cyberattacks. The study revealed that 67% ofmanufacturing organizations in Asia Pacific have either adopted or areconsidering an AI-based approach to improve their security posture.
Cybersecurity solutions that are augmented withAI and machine learning capabilities can autonomously learn what is normalbehavior for connected devices on the organization's network, and swiftlyidentify cyberthreats at scale through the detection of behavioral anomalies.Cybersecurity teams can also put in place rules that block or quarantinedevices that are not behaving as expected before they can potentially damagethe environment. These AI-powered cybersecurity engines enable manufacturingorganizations to address one of their largest and most complex security challengesas they integrate thousands or even millions of IoT devices into theirinformation technology (IT) and operational technology (OT) environments.
For more informationon the study, please visit: https://news.microsoft.com/apac/features/cybersecurity-in-asia/
About the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” Study
This study involved a survey conducted with 1,300 respondents from 13markets - Australia, China, Hong Kong, Indonesia, India, Japan, Korea,Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. Out ofthese 1,300 respondents, 18% of them are from the manufacturing industry.
All respondents are business and IT decision-makers involved in shapingtheir organizations' cybersecurity strategies. 44% of them being businessdecision-makers, including CEOs, COOs and Directors, while 56% are ITdecision-makers, including CIOs, CISO and IT Directors. 29% of participants arefrom mid-sized organizations (250 to 499 staff); and 71% are from large-sizedorganizations (more than 500 staff).
About Microsoft
Microsoft (Nasdaq"MSFT" @microsoft) enables digital transformation for the era of an intelligentcloud and an intelligent edge. Its mission is to empower every person and everyorganization on the planet to achieve more.