Skip to content Skip to footer

Loading Results

It’s time to get cyber efforts back on track, with pandemic-level urgency

22 February, 2021

Aaron Schamp
Principal, Cybersecurity and Privacy, PwC US

The COVID-19 pandemic ushered in a “no-touch” and “do-more-with-fewer-employees” world. In response, the exigencies of the last year have accelerated adoption of Fourth Industrial Revolution technologies in the manufacturing sector. From increasingly smart factories and supply chains to new e-commerce channels to more IoT-connected products and services, this adoption is likely to persist across organizations trying to bolster bottom lines and competitiveness – and, for some, to even survive.

But, in this race to all things digital, has the pandemic pulled cybersecurity from the leading pack of priorities?

Cyber under-prioritized in the short term as cyber attacks soar … 

Greater digital connectivity suggests greater cyber vulnerability. This was evident in 2020. As more companies switched to remote online work, cyber attack incidents spiked. Malware and ransomware increased threefold and fourfold, respectively, according to Deep Instinct. For some manufacturers, the pandemic struck just as they were maturing their cyber programs and strengthening collaboration between operations-technology and IT teams. And, it seems, the pandemic caused many—at least in the short-term—to under-prioritize cybersecurity, as they turned their focus to triage-like efforts to weather the national economic and health crisis. While nearly one-third (28%) of US manufacturers expect that cyber risks and attacks will be a top challenge over the next six months, just 15% place it as a top business priority, according to a new PwC survey. Meanwhile, phishing, spear phishing, hacking databases through unsecured IoT devices and other threats aren’t likely to go away. They may even increase as manufacturers expand their digital attack surface.

So while respondents agreed competitive threats were the number-one challenge over the next six months (41%), digital sales and marketing was the number-one priority (44%) for the next two years. Indeed, for some US manufacturers, these findings suggest that just surviving the pandemic as a viable, competitive enterprise has trumped other concerns and priorities such as cyber – at least for the short term.

… but ramping up post-pandemic? 
The picture changes over the next two years. While roughly the same percentage of respondents (27%) expect cyber challenges to persist, substantially more (39%) expect that managing cyber risks and attacks will become a top business priority. Manufacturers, then, presumably expect to climb more swiftly up the cybersecurity maturity curve once the pandemic ebbs.

Know your vulnerabilities… 
It’s not as if manufacturers are unaware of the importance of securing a rapidly growing cyber-attack surface that a widening deployment of digital technology creates. Indeed, most respondents (57%) acknowledged that IoT and embedded systems and devices are areas of vulnerability, and require improvement over the next six months (and 59% say it will be so over the next two years). Nearly half of the respondents (44%) acknowledged that cyber vulnerabilities in manufacturing facilities, plant and equipment will require cyber protection over the next six months (versus 37% over the next two years). And, as US manufacturers begin a shift to e-commerce business models, they may also be opening altogether new entry points for bad actors to access customer data.

…then act upon them.
While cybersecurity and risk management concerns rank low in priority relative to other business areas, it would be wrong to conclude that US manufacturers are retreating from the cyber front. When asked specifically which cybersecurity tools and actions they’re considering, 44% said they’re placing a high priority on application security (firewalls and anti-virus solutions) over the next six months (52% over the next two years). They’re also looking to prioritize the use of cyber-protection tools and actions over the next two years, with 52% looking at application security solutions as well as upgrading cyber incident response and recovery plans (41%), cloud and network security (46%) and risk assessment audits and stress tests (32%).

Will that be enough? Tellingly, when asked which manufacturing platforms and technology they’re currently prioritizing, 9% cited cyber-threat map dashboards over the next six months (22% over the next two years. 

Cyber talent needed. Manufacturers are also keenly aware that they need more than technology to cyber-proof their operations, logistics and IoT-connected products and services. They’re on the hunt for new talent to help leverage that technology. About one-third (36%) of respondents expect to hire more digital specialists in the next six months (49% over the next two years). The same expectation holds for providing cyber training and digital upskilling for their existing workforce—44% expect to do so in the next six months and 40% plan the same over the next two years. Just over a third (35%) already provide cybersecurity training and upskilling, and 42% expect to do so over the next two years.

Time to get cyber efforts back on track. As US manufacturers speed along the path of all things digital (installing advanced robotics, expanding industrial IoT, implementing artificial intelligence and automation and shifting to more B2B and B2C e-commerce) they stand to gain a lot—and, potentially, lose just as much. Manufacturers need to be sure that their cybersecurity efforts (hiring new cyber specialists, building threat dashboards, performing cyber audits, melding operational and IT teams) are ahead of their digital growth, not behind. For some, waiting two years to climb the cybersecurity maturity curve may be too late. It may run the risk of all manner of costly disruptions, including production delays, intellectual property theft and ransom threats—all of which can stall their digital ambitions.