Microsoft and Frost &
Sullivan Study focusing on cybersecurity risks for manufacturing organizations in
Asia Pacific revealed:
- More than
half (51%) have either experienced a cybersecurity incident or are not even
sure if they have had a cybersecurity incident; and
- Nearly three
in five (59%) have delayed the progress of digital transformation projects due
to the fear of cyberattacks
SINGAPORE - Media OutReach - April 3, 2019 - A Frost & Sullivan study commissioned by Microsoft found
that a cyberattack can cost a large manufacturing organization in Asia Pacific
an average of US$10.7 million in economic loss with customer churn being
the largest economic consequence of a cyber breach, resulting in US$8.1 million
of indirect cost. For mid-sized manufacturing organization,
the average economic loss was US$38,000. Furthermore, cybersecurity
incidents have also led to job losses across different functions in more than
three out of five (63%) manufacturing organizations.
While the impact of data
vulnerabilities and breaches can be costly and damaging to the manufacturing organizations, its supply chain and consumers, the study uncovered that
half (51%) of the manufacturing organizations in Asia Pacific had either
experienced a security incident or were not sure if they had had a security
incident as they had not performed proper forensics or data breach assessment.
The study further revealed that instead of accelerating digital
transformation to bolster their cybersecurity strategy
to defend against future cyberattacks, almost three in five (59%) manufacturing
organizations across Asia Pacific had delayed the progress of digital
transformation projects due to the fear of cyberattacks. Delaying digital
transformation not only limits the capabilities of manufacturing organizations
to defend against increasingly sophisticated cyberthreats but also prevents
them from leveraging advanced technologies, such as artificial intelligence
(AI), cloud, and the Internet of Things (IoT), to dramatically increase
productivity, empower their workforce and deliver new service lines.
These findings are part of "Understanding
the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern
Enterprise in a Digital World" study launched in May 2018. The
findings aim to provide business and IT decision makers in the manufacturing sector
with insights on the economic cost of cyberattacks and to help to identify any
gaps in their cybersecurity strategies.
The initial study surveyed a total of 1,300 business and IT decision
makers ranging from mid-sized organizations (250 to 499 employees) to
large-sized organizations (>than 500 employees), of which 18% belong to the manufacturing
In calculating the cost of cyberattacks, Frost & Sullivan created an
economic loss model based on the insights shared by the respondents. This model
factors in two kinds of losses which could result from a cybersecurity breach:
- Direct: Financial losses associated with
a cybersecurity incident including loss of productivity, fines, remediation
cost, etc; and
- Indirect: The opportunity cost to the
organization such as customer churn due to reputational damage.
A breakdown of the average direct and indirect
economic cost that a large manufacturing organization can incur due to a
"The frequency and
severity of cyberattacks targeting manufacturing organizations have increased significantly
in recent years, underscoring the need to protect the ever-growing volume of
data generated by and made available to manufacturing organizations," said Kenny Yeo,
Industry Principal, Cyber Security, Frost & Sullivan. "By integrating security
into every digital process and physical devices, manufacturing organizations
can not only mitigate the loss of intellectual property (IP) and customer data
but also minimize downtime as well as remediation cost resulting from
Key Cyberthreats and Gaps in Manufacturing
Organizations' Cybersecurity Approaches
For manufacturing organizations that have encountered a security incident, data exfiltration, ransomware and remote code execution are the biggest concern as these threats have the highest impact and often result in the slowest recovery time:
- Remote code execution is a unique threat
that manufacturing organizations face, and it poses a grave threat to these
companies as cybercriminals can remotely access and control their operations.
This allows malicious actors to disrupt production and sabotage the business.
- As manufacturing
organizations need to adhere to tight schedules and strict deadlines, a ransomware attack -- where
cybercriminals encrypt files to restrict users' access until a ransom is paid --
can lead to production downtime and loss of customer confidence. Manufacturing
organizations not only lose time and resources in dealing with the aftermath of
the attack, but the entire supply chain will also be disrupted too.
Aside from external
threats, the study also uncovered several key cybersecurity gaps in
- Complex security environment impeding recovery time: Contrary to the common notion that more security solutions will lead to greater
efficiency, a large portfolio of cybersecurity solutions may not be a good approach
to bolster cybersecurity. The complexity of managing a large portfolio of
cybersecurity solutions may lead to longer recovery time from cyberattacks.
The study showed that nearly three in five (57%)
manufacturing organizations with 26 to 50 cybersecurity solutions took more
than a day to recover from cyberattacks. Conversely, only 26% of organizations
with less than 10 solutions took more than a day to recover. In fact, 35% of them
managed to recover from a security incident within an hour.
- Traditional tactical viewpoint towards cybersecurity: Despite the growing sophistication and impact of cyberattacks, the
study revealed that majority of the respondents (41%) hold a tactical view of cybersecurity
-- "only" to safeguard the organization against cyberattacks. While only one in
five (19%) viewed cybersecurity as a business differentiator and an enabler for
- Security as an afterthought: If cybersecurity is not seen as an
enabler for digital transformation, it will undermine manufacturing
organizations' ability to build a "secure-by-design" digital project, leading
to increased vulnerabilities and risks.
The study revealed that only 26% of manufacturing
organizations who had encountered cyberthreats considered a cybersecurity
strategy prior to initiating a digital transformation project. The remaining
respondents either thought about cybersecurity only after the commencement of their
digital transformation projects or did not think about cybersecurity at all.
and innovations in intelligent manufacturing are delivering game-changing
breakthroughs for leading businesses in every sector," said Scott Hunter,
Regional Business Lead, Manufacturing, Microsoft Asia. "As manufacturing
organizations focus on increasing data-driven products and services to
differentiate themselves in the global economy, building and maintaining trust
within their ecosystem of partners and customers becomes an even bigger
"Cyber attackers are
constantly looking for opportunities, so the more businesses know about their
techniques and tradecraft, the better prepared they will be to build defenses and
respond quickly. Building organizational resilience and reducing risk by
adopting a security approach that includes prevention, detection and response
can make a huge difference in the overall cybersecurity health of a
manufacturing organization," he added.
Bolstering Cybersecurity Using
AI plays a critical
role in manufacturing organizations as they increasingly rely on machine
learning automation to increase their efficiency and output by scale while
reducing cost and downtime through predictive maintenance. AI is also a
powerful tool that can enable manufacturing organizations to defend themselves
against increasingly sophisticated cyberattacks. The study revealed that 67% of
manufacturing organizations in Asia Pacific have either adopted or are
considering an AI-based approach to improve their security posture.
Cybersecurity solutions that are augmented with
AI and machine learning capabilities can autonomously learn what is normal
behavior for connected devices on the organization's network, and swiftly
identify cyberthreats at scale through the detection of behavioral anomalies.
Cybersecurity teams can also put in place rules that block or quarantine
devices that are not behaving as expected before they can potentially damage
the environment. These AI-powered cybersecurity engines enable manufacturing
organizations to address one of their largest and most complex security challenges
as they integrate thousands or even millions of IoT devices into their
information technology (IT) and operational technology (OT) environments.
For more information
on the study, please visit: https://news.microsoft.com/apac/features/cybersecurity-in-asia/
About the “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” Study
This study involved a survey conducted with 1,300 respondents from 13
markets - Australia, China, Hong Kong, Indonesia, India, Japan, Korea,
Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. Out of
these 1,300 respondents, 18% of them are from the manufacturing industry.
All respondents are business and IT decision-makers involved in shaping
their organizations' cybersecurity strategies. 44% of them being business
decision-makers, including CEOs, COOs and Directors, while 56% are IT
decision-makers, including CIOs, CISO and IT Directors. 29% of participants are
from mid-sized organizations (250 to 499 staff); and 71% are from large-sized
organizations (more than 500 staff).
"MSFT" @microsoft) enables digital transformation for the era of an intelligent
cloud and an intelligent edge. Its mission is to empower every person and every
organization on the planet to achieve more.