The Cost of a Manufacturing Cyberattack in 2019

With every new technology comes the risk of someone seeking to exploit it. And while the industrial internet of things (IIoT) is complex and robust, its sheer scope means plenty of access points for opportunistic hackers. As manufacturers come to rely more on the IIoT, it’s crucial to understand paying for good security features is minimal when compared to the exorbitant costs of a successful cyberattack or data breach.

Understanding peripheral costs

It’s easy to think of the cost of a cyberattack in terms of raw dollars and cents. A hacker demands $50,000, a company pays it, and they’re out $50,000. But this is inaccurate. Whether or not they pay the data ransom, an organization will sacrifice tens of multiples more in additional costs. Take, for example, Erie County Medical Center in New York. The hospital thwarted a hacker’s attempt to ransom a mere $30,000 but ended up paying out more than $10 million in costs to remedy the situation. This example shines a light on the rippling costs of cyberattacks. And it’s not an extreme example, either! A recent study by Frost & Sullivan, commissioned by Microsoft, shows an average estimated loss of $10.7 million per breach of data among manufacturing organizations in Asia Pacific. It’s a number that will only get larger as hackers get bolder and more adept at penetrating the IIoT.

Breaking down the numbers

According to the Frost & Sullivan report, a majority of the expenses of a hack comes from indirect costs. Roughly $8.1 million of the $10.7 million average are costs incurred by merely remedying the situation. Match this to Erie County Medical Center’s costs — which included everything from employee overtime to software upgrades to new hardware — and the real cost of a data breach becomes intimately clear. According to Threatpost, manufacturers can expect the cyberattack itself to cost about $1.7 million. This includes “unexpected budget expenditures and drops in stock values,” as well as the cost of remediating the immediate problem. But it’s only the start. Secondary costs start to roll in almost immediately, including:

• Customer disruptions, including churn
• Fines due to hacking incidents
• Productivity losses
• Overtime and extra staffing

After the incident remediation and then fallout comes the cost of prevention against future attacks. Here, the costs are virtually limitless. The expense of upgrading software and hardware, training employees, developing emergency response tactics, public relations costs, and much more all come with individual costs. Stacked next to the already compounding losses affecting manufacturers and their customers, the cost of cleaning up after a cyberattack and preventing the next one is a price few manufacturers can afford to pay.

Data breaches by the numbers

The worst approach a manufacturer can take is to say, “This won’t happen to me” — because ultimately, without proper foresight and planning, it will. Take a look at some of the data surrounding the rise of manufacturing cyberattacks in recent years:

• According to 2017 statistics, over 130 large-scale, targeted breaches occur in the U.S. per year — a number growing by 27% annually. (Accenture)
• A third of organizations (31%) have experienced cyberattacks on their IIoT infrastructure. (Cisco)
• In 2017, organizations spent nearly $11.7 million to recovery after a cyberattack — a number up more than 23% from the previous year. (Accenture)
• Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)

Manufacturers aren’t naïve to the threats of cyberattacks. But until they understand just how much an attack costs — successful or unsuccessful — they will continue to compromise on upfront security costs. The IIoT is only growing; a focus on cybersecurity should pace it.