Manufacturing and Cyber: Protecting Your Business from the Devastating Cost of a Cyberattack

The manufacturing industry remains an attractive target for cybercriminals. Facilities must put safeguards in place to prevent the devastating financial toll of a malicious attack.
By: | January 6, 2025

Hackers do not discriminate, and manufacturing is no exception; if there is a vulnerability in a system, they are more than happy to exploit it.

Protecting against a cyberattack, therefore, is a necessity.

“The amount of data stored by manufacturers that’s potentially available to be stolen, captured, held hostage or replicated has never been larger. This is due to factors such as local server storage, cloud computing and the way the internet has changed how business is done,” said Kevin Kurpinski, manufacturing industry practice lead, The Hartford.

Manufacturing facilities have increasingly embraced technology — amplifying production with the help of digital equipment, robots and AI. These additions, inherently, add value to the company.

But like all new things, they bring new risk.

“As more data exists in the digital world, there is a greater risk of exploitation by bad actors seeking to infiltrate software and systems,” Kurpinski said.

In order to protect against cyber vulnerabilities, manufacturing facilities must look at what’s at stake. Cyber risk management is crucial to protecting against and even deterring potential attacks.

Where’s the Risk Really At?

Kevin Kurpinski, manufacturing industry practice lead, The Hartford

Perhaps the most crucial part for manufacturers in preventing cyberattacks is to start with understanding where their vulnerabilities lie.

“The Internet of Things (IoT) and interconnectivity levels within manufacturing facilities is on the rise,” said Tony Dolce, head of professional liability, cyber and tech E&O, The Hartford. “With everything connected to the internet, including production lines, this has significantly increased the exposure of these companies to cyber threats.”

Bringing down a production line can literally bring manufacturing operations to a halt. Inability to operate or fulfill orders could further lead targeted companies to take drastic measures to restore operations.

“The interconnectedness provides a wider attack surface for network intrusions, where bad actors gain access to the network to attempt to monetize their actions through various means,” Dolce said.

Not to mention, manufacturers that work with third-party vendors and service providers open their doors to bigger risks. The more contracts and connections the manufacturer has, the more potential entry points exist for threat actors to access the systems.

High-profile operations also become top-tier targets: “Companies that do business with the government or other high-profile operations increases the vulnerability of that business, not just for monetary gain but also for political statements or disagreements with their actions,” Dolce said.

Ransomware, business interruption and even attacks against the supply chain can render a manufacturer inoperable. These levels of attack can have lasting financial implications on the business as well, further increasing the risks associated with cyber threats.

Understanding the Financial Toll of a Cyberattack

Tony Dolce, head of professional liability, cyber and tech E&O, The Hartford

Financial loss occurs both during a cyberattack and after. To fully grasp the financial cost of a large-scale cyberattack on a manufacturing company means looking at an attack from start to finish.

“Initially, there’s the incident response phase, which is like triaging a health care situation. This involves bringing in forensics, an incident response coach, which is usually a law firm, and addressing remediation and public relations to communicate with stakeholders, employees, and regulators,” Dolce said.

Then there may be a business interruption piece, which deals with the downtime and lost income resulting from the attack. “This is especially critical in manufacturing, where an attack can bring down the production line,” Dolce said.

“Lastly, there may be a third phase involving potential third-party lawsuits or regulatory actions stemming from the incident,” he continued. However, with the available tools and experience in the industry, it’s possible to model and estimate the size of the risk, considering factors such as the specific manufacturing sector, the scale of the enterprise, and the needed limits,” he said.

Learning from Real-World Manufacturing Cyberattacks

For the last three years, manufacturing has remained the top industry targeted for cyberattacks. To put the financial toll into perspective, here are a few real-world examples of manufacturers under attack and what it ultimately cost the companies in the end.

Case 1: Mondelez International, Food Manufacturing (2017)

Stemming from the NotPetya ransomware event of 2017, the attack on food manufacturer Mondelez International damaged 1,700 servers and 24,000 laptops, causing widespread disruption to its distribution processes and customers. This then triggered many insurers to exclude nation-state cyberattacks.

In all, it cost more than $100 million in losses, left the company down for weeks and jumpstarted a legal battle that lasted years.

Case 2: Renault-Nissan (2017)

Several operations of the car manufacturing giant were brought to a halt by WannaCry ransomware. While the massive attack affected organizations across 150 countries, Renault lost output from five sites across the globe as it stopped production to deal with the attack.

Downtime was only a few days, according to news reports. However, one estimate posits the attack could have cost the company as high as $4 billion. The company has not disclosed an actual loss amount.

Case 3: Norsk Hydro (2019)

Norsk Hydro, a multinational aluminum renewable energy business, was forced to close many of its 170 plants following the LockerGoga ransomware attacks conducted in 2019. Instead of outright paying the hackers for a decryption code to free its operations from the virus, Norsk Hydro chose to switch to manual operation of its plants and leaned on cybersecurity experts to remove the hackers from their systems.

The incident cost an estimated $70 million, per the company’s earnings report released later in the year. It operated manually for a month following the infiltration.

How Manufacturers Can Build Up Cyber Controls

Manufacturers need not stand at the cyber crossroads; there are several steps to take to prevent and curb the effects of a cyberattack.

First and foremost, having a robust incident response plan in place will go a long way in lessening the toll of a cyberattack.

“This plan should be actionable, not just a binder collecting dust on a shelf,” Dolce said. “It should clearly outline the protocol to follow in the event of an incident, including who to contact, which vendors to engage, and whether to involve the cyber insurance carrier immediately.”

On top of that, this plan should be actively practiced and updated so that those involved in executing the plan are familiar with the steps involved before an event occurs.

In addition, manufacturers should prioritize good cyber hygiene practices. This includes having multifactor authentication to make sure their personnel are the ones accessing systems; maintaining segmented backups; and providing regular employee training to prevent phishing scams and other social engineering tactics.

“It’s essential to ensure proper patching cadence, updating systems when necessary and retiring outdated systems,” Dolce added.

And then, ultimately, manufacturing facilities must partner with cyber insurance experts that understand the nuances of their business as well as the cyber landscape.

“Cyber insurance offerings are unique. In the event of a cyber incident, the carrier’s specialized cyber claim department, staffed with experts who handle these challenges daily, can guide the insured through what may be the worst day of their professional lives,” Dolce said.

“The impact of cyberattacks on manufacturers can be staggering, especially with the increasing automation and digitization in the industry,” Kurpinski added. “The need for comprehensive cybersecurity measures is becoming increasingly apparent to many insured parties that recognize the level of detail required to safeguard their operations.” &

The information provided in these materials is intended to be general and advisory in nature. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of December 2024.

Links from this site to an external site, unaffiliated with The Hartford, may be provided for users’ convenience only. The Hartford does not control or review these sites nor does the provision of any link imply an endorsement or association of such non-Hartford sites. The Hartford is not responsible for and makes no representation or warranty regarding the contents, completeness or accuracy or security of any materials on such sites. If you decide to access such non-Hartford sites, you do so at your own risk.

Autumn Demberger is a freelance writer and can be reached at [email protected].

More from Risk & Insurance