Manufacturing Most Vulnerable to Cybersecurity Risks Across Industries: Report

The manufacturing sector’s cyber exposure serves as a wake-up call for the industry, according to Cowbell.
December 10, 2024

An analysis of cybersecurity risks across industries indicates a surge in cyber risk for businesses, with manufacturing companies and supply chains among the most vulnerable, according to Cowbell’s 2024 Cyber Roundup Report.

“The digital age has opened up some incredible avenues for business growth. But in the same breath, it’s also brought a complex set of cyber risks,” said Cowbell founder and CEO Jack Kudale. “Across the board, we’re seeing cybercriminals capitalize on interconnectivity, automation, and emerging tools like AI to launch increasingly sophisticated attacks.”

The manufacturing sector has become a prime target for cybercriminals, according to the report, which analyzed more than 46 million small and medium-sized enterprises (SMEs) across the U.S., U.K., and Japan.

Cowbell assigns a risk score from 0 to 100 based on cyber threats and exposures, with 100 representing the lowest level of risk. The manufacturing sector’s risk score is 11.7% lower than the global average for all industries, Cowbell’s analysis found.

This heightened vulnerability is evident in both the frequency and severity of cyber incidents, as manufacturers face cyber claims that are 1.6 times more frequent and 1.2 times more severe compared to the average across all sectors, the report noted. Several factors contribute to this elevated risk profile, including manufacturing’s heavy reliance on automation and interconnected devices, also known as the Internet of Things, Cowbell reported.

Additionally, the presence of legacy computer systems and bespoke software often lacking modern security features further compounds the problem. The high sensitivity of data, including valuable intellectual property and design plans, makes manufacturers an attractive target for cybercriminals seeking to exploit or disrupt critical operations, according to Cowbell.

Public administration and educational services are also emerging as the latest high-risk industries, with risk scores two points lower than the global average, the report found. Educational institutions have seen a 70% increase in attacks over the past year, Cowbell noted. Despite experiencing a lower frequency of attacks, the public administration/educational services sectors face claims that are 20-40% more severe than average.

Budget constraints that often lead to outdated IT infrastructure and security measures are a key contributor to the lower risk score, the report stated. Large user bases with varying levels of cybersecurity awareness also contribute to the risk. Moreover, valuable personal and research data held by these institutions attracts cybercriminals, while the critical nature of their services increases pressure to pay ransoms in case of attacks.

The health care and professional services sectors present a unique risk profile, experiencing lower-than-average claim frequency but facing higher-than-average severity when incidents do occur, according to the report. Specifically, the health care sector sees 20% lower frequency but 40% higher severity, while professional services experience 10% lower frequency but 15% higher severity.

For health care, the high severity of attacks can be attributed to strict regulatory requirements and potential for hefty fines. The critical nature of patient data and the potential for life-threatening disruptions also contribute to the increased impact of cyber incidents. High costs associated with system downtime and data recovery further exacerbate the situation.

The Growing Menace of Supply Chain Attacks

Between 2021 and 2023, the volume of supply chain attacks grew more than fivefold (431%), with further growth projected by 2025, according to Cowbell.

The rise in supply chain attacks is attributed to several key factors, per the report. As businesses continue to embrace digital transformation, the increased interconnectivity of operations has created new vulnerabilities. The growing complexity of supply chains has made them increasingly difficult to secure, providing cybercriminals with multiple entry points.

Additionally, the potential to compromise multiple entities through a single breach has made supply chain attacks an attractive option for malicious actors seeking high-value targets, the report’s authors noted.

Comprehensive Cyber Risk Management

As cyber risks grow more severe, investment in advanced cybersecurity measures is no longer optional – it is a necessity for businesses of all sizes, Cowbell advises.

Key focus areas should include regular security audits and penetration testing, implementation of multi-factor authentication across all systems, and development of a robust incident response plan. Employee training on cybersecurity best practices and adoption of a zero-trust security model are also critical components of a comprehensive strategy.

Small and medium-sized enterprises (SMEs) are not immune to cyber threats and should implement basic security measures such as regular software updates, employee training on phishing awareness, and robust password policies. Utilizing cloud services with built-in security features and developing an incident response plan tailored to their resources can significantly improve an SME’s security posture, the report noted.

The security of fundamental systems, such as operating systems and server-side technologies, is crucial given their association with high risk. Regular updates and patch management should be a top priority for all businesses, the report advised. For content management and collaboration tools, implementing strong access controls and encryption is essential to protect sensitive data and prevent unauthorized access.

“Larger organizations are key targets because of their vast data and complex operations, while smaller businesses are at risk due to supply chain vulnerabilities and limited cybersecurity resources. The latter may face a lower frequency of attacks overall, however, the consequences of a single incident can be devastating, including significant financial losses, crippling downtime and business interruption, and, in some cases, closure,” Kudale said.

Access the full report from Cowbell here.

The R&I Editorial Team can be reached at [email protected].
