The Cost of a Manufacturing Cyberattack in 2019
With every new technology comes the risk
of someone seeking to exploit it. And while the industrial internet of things
(IIoT) is complex and robust, its sheer scope means plenty of access points for
opportunistic hackers. As manufacturers come to rely more on the IIoT, it’s
crucial to understand paying for good security features is minimal when
compared to the exorbitant costs of a successful cyberattack or data breach.
Understanding peripheral costs
It’s easy to think of the cost of a
cyberattack in terms of raw dollars and cents. A hacker demands $50,000, a
company pays it, and they’re out $50,000. But this is inaccurate. Whether or
not they pay the data ransom, an organization will sacrifice tens of multiples
more in additional costs.
Take, for example, Erie County Medical Center in New York. The hospital thwarted a hacker’s attempt to ransom a mere $30,000 but ended up paying out more than $10 million in costs to remedy the situation.
This example shines a light on the rippling costs of cyberattacks. And it’s not an extreme example, either! A recent study by Frost & Sullivan, commissioned by Microsoft, shows an average estimated loss of $10.7 million per breach of data among manufacturing organizations in Asia Pacific. It’s a number that will only get larger as hackers get bolder and more adept at penetrating the IIoT.
Breaking down the numbers
According to the Frost & Sullivan
report, a majority of the expenses of a hack comes from indirect costs. Roughly
$8.1 million of the $10.7 million average are costs incurred by merely
remedying the situation. Match this to Erie County Medical Center’s costs —
which included everything from employee overtime to software upgrades to new
hardware — and the real cost of a data breach becomes intimately clear.
According to Threatpost, manufacturers can expect the cyberattack itself to cost about $1.7 million. This includes “unexpected budget expenditures and drops in stock values,” as well as the cost of remediating the immediate problem. But it’s only the start. Secondary costs start to roll in almost immediately, including:
- Customer disruptions, including churn
- Fines due to hacking incidents
- Productivity losses
- Overtime and extra staffing
After the incident remediation and then fallout
comes the cost of prevention against future attacks. Here, the costs are
virtually limitless. The expense of upgrading software and hardware, training
employees, developing emergency response tactics, public relations costs, and
much more all come with individual costs.
Stacked next to the already compounding
losses affecting manufacturers and their customers, the cost of cleaning up
after a cyberattack and preventing the next one is a price few manufacturers
can afford to pay.
Data breaches by the numbers
The worst approach a manufacturer can take is to say, “This won’t happen to me” — because ultimately, without proper foresight and planning, it will. Take a look at some of the data surrounding the rise of manufacturing cyberattacks in recent years:
- According to 2017 statistics, over 130 large-scale, targeted breaches occur in the U.S. per year — a number growing by 27% annually. (Accenture)
- A third of organizations (31%) have experienced cyberattacks on their IIoT infrastructure. (Cisco)
- In 2017, organizations spent nearly $11.7 million to recovery after a cyberattack — a number up more than 23% from the previous year. (Accenture)
- Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
Manufacturers aren’t naïve to the
threats of cyberattacks. But until they understand just how much an attack
costs — successful or unsuccessful — they will continue to compromise on
upfront security costs. The IIoT is only growing; a focus on cybersecurity
should pace it.