Microsoft has commissioned a Frost & Sullivan study, revealing that a cyber attack can cost a large manufacturing organization in Asia Pacific an average of US$10.7 million in economic loss with customer churn being the largest economic consequence of a cyber breach, resulting in US$8.1 million of indirect cost. For mid-sized manufacturing organization, the average economic loss was US$38,000. Furthermore, cybersecurity incidents have also led to job losses across different functions in more than three out of five (63%) manufacturing organizations.

The study discloses that while the impact of data vulnerabilities and breaches can be costly and damaging to the manufacturing organizations, its supply chain and consumers is half (51%) of the manufacturing organizations in Asia Pacific which have either experienced a security incident or are not sure if they have had a security incident as they had not performed proper forensics or data breach assessment.

The study further reveals that instead of accelerating digital transformation to bolster their cybersecurity strategy to defend against future cyberattacks, almost three in five (59%) manufacturing organizations across Asia Pacific had delayed the progress of digital transformation projects due to the fear of cyberattacks. Delaying digital transformation not only limits the capabilities of manufacturing organizations to defend against increasingly sophisticated cyber threats but also prevents them from leveraging advanced technologies, such as artificial intelligence (AI), cloud, and the Internet of Things (IoT), to dramatically increase productivity, empower their workforce and deliver new service lines.

In calculating the cost of cyberattacks, Frost & Sullivan created an economic loss model based on the insights shared by the respondents. This model factors in two kinds of losses which could result from a cybersecurity breach -

* Direct: Financial losses associated with a cybersecurity incident including loss of productivity, fines, remediation cost, etc; and

* Indirect: The opportunity cost to the organization such as customer churn due to reputational damage.

Kenny Yeo, Industry Principal, Cyber Security, Frost & Sullivan, says, "The frequency and severity of cyberattacks targeting manufacturing organizations have increased significantly in recent years, underscoring the need to protect the ever-growing volume of data generated by and made available to manufacturing organizations. By integrating security into every digital process and physical devices, manufacturing organizations can not only mitigate the loss of intellectual property (IP) and customer data but also minimize downtime as well as remediation cost resulting from cyberattacks."

For manufacturing organizations that have encountered a security incident, data ex-filtration, ransomware and remote code execution are the biggest concern as these threats have the highest impact and often result in the slowest recovery time -

* Remote code execution is a unique threat that manufacturing organizations face, and it poses a grave threat to these companies as cyber criminals can remotely access and control their operations. This allows malicious actors to disrupt production and sabotage the business.

* As manufacturing organizations need to adhere to tight schedules and strict deadlines, a ransomware attack, where cyber criminals encrypt files to restrict users' access until a ransom is paid, can lead to production downtime and loss of customer confidence. Manufacturing organizations not only lose time and resources in dealing with the aftermath of the attack, but the entire supply chain will also be disrupted too.

Aside from external threats, the study also uncovered several key cybersecurity gaps in manufacturing organizations -

* Complex security environment impeding recovery time: Contrary to the common notion that more security solutions will lead to greater efficiency, a large portfolio of cybersecurity solutions may not be a good approach to bolster cybersecurity. The complexity of managing a large portfolio of cybersecurity solutions may lead to longer recovery time from cyberattacks.

The study showed that nearly three in five manufacturing organizations with 26 to 50 cybersecurity solutions took more than a day to recover from cyberattacks. Conversely, only 26% of organizations with less than 10 solutions took more than a day to recover. In fact, 35% of them managed to recover from a security incident within an hour.

* Traditional tactical viewpoint towards cybersecurity: Despite the growing sophistication and impact of cyberattacks, the study revealed that majority of the respondents (41%) hold a tactical view of cybersecurity -- "only" to safeguard the organization against cyberattacks. While only one in five (19%) viewed cybersecurity as a business differentiator and an enabler for digital transformation.

* Security as an afterthought: If cybersecurity is not seen as an enabler for digital transformation, it will undermine manufacturing organizations' ability to build a "secure-by-design" digital project, leading to increased vulnerabilities and risks.

The study revealed that only 26% of manufacturing organizations who had encountered cyber threats considered a cybersecurity strategy prior to initiating a digital transformation project. The remaining respondents either thought about cybersecurity only after the commencement of their digital transformation projects or did not think about cybersecurity at all.

AI plays a critical role in manufacturing organizations as they increasingly rely on machine learning automation to increase their efficiency and output by scale while reducing cost and downtime through predictive maintenance. AI is also a powerful tool that can enable manufacturing organizations to defend themselves against increasingly sophisticated cyberattacks. The study revealed that 67% of manufacturing organizations in Asia Pacific have either adopted or are considering an AI-based approach to improve their security posture.

Cybersecurity solutions that are augmented with AI and machine learning capabilities can autonomously learn what is normal behavior for connected devices, on the organization's network. It can swiftly identify cyber threats at scale through the detection of behavioral anomalies. Cybersecurity teams can also put in place rules that block or quarantine devices that are not behaving as expected before they can potentially damage the environment. These AI-powered cybersecurity engines enable manufacturing organizations to address one of their largest and most complex security challenges as they integrate thousands or even millions of IoT devices into their information technology (IT) and operational technology (OT) environments.

Scott Hunter, Regional Business Lead, Manufacturing, Microsoft Asia, says, "Technology advances and innovations in intelligent manufacturing are delivering game-changing breakthroughs for leading businesses in every sector. As manufacturing organizations focus on increasing data-driven products and services to differentiate themselves in the global economy, building and maintaining trust within their ecosystem of partners and customers becomes an even bigger priority. Cyber attackers are constantly looking for opportunities, so the more businesses know about their techniques and tradecraft, the better prepared they will be to build defenses and respond quickly. Building organizational resilience and reducing risk by adopting a security approach that includes prevention, detection and response can make a huge difference in the overall cybersecurity health of a manufacturing organization."