Four digital risks facing the manufacturing industry
Technology has played an instrumental role in the evolution of manufacturing – from artificial intelligence (AI) enhancing warehouse management systems, to machine learning (ML) forecasting demand based on real-time events, and Internet of Things (IoT) devices gathering production data around the clock – innovation has propelled the industry forward and established the bottom line for success. Who could have predicted, for example, that Ford Motor Company – founded in 1903 – today files more technology patents than Google and Amazon combined?
Over time, technology has changed from being a nice-to-have, to a competitive advantage that can make or break a manufacturer. It’s clear that digital transformation is an important facet of manufacturing, but that doesn’t mean it’s plain sailing – constantly embracing and pursuing digital projects opens businesses up to a range of new risks. For manufacturers, the key is striking a balance between risk and reward.
In order to continue to digitally transform and thrive within the industry, manufacturers need to get familiar with these new risks and how they come about; only then can they put in place a clear digital risk management strategy to counter them. Here are the four key risks to consider:
1. Risk of cyber-attack
The manufacturing industry has always been a prime target for cyber-attackers trying to steal intellectual property or disrupt operations. According to the manufacturers’ organisation, Make UK, manufacturing is the third-most targeted sector by cyber criminals, and around half of manufacturers report suffering financial or operational losses due to cyber-attacks.
Cyber-attack risks are widely expected to increase due to digital transformation. Manufacturing now ranks as the biggest investor in IoT compared to any other industry. As manufacturers integrate more digital sensors and other connected devices into their daily operations, their attack surfaces will widen. This gives adversaries more potential entry points to exploit.
The answer? Visibility. Whilst attacks cannot be prevented, they can be mitigated. The first step is for manufacturers to map out exactly how new technologies connect to their infrastructure and interact with critical processes. Only then can they put in place additional measures to monitor for and guard against potential cyber-attacks.
2. Risks introduced by third-parties
Manufacturers have always had to contend with having a large supplier ecosystem, but as more of their production facilities and products involve digital elements, they now need to re-assess the digital risks that their partners introduce. In fact, there’s evidence that many data breaches are linked to direct or indirect third-party access.
One interesting example is product tampering where malicious technology can be introduced into a product as it moves through the supply chain. This has led to the rise of e-pedigree, which is essentially electronic documents that show exactly who has handled the product. Some manufacturers have also started to use blockchain technology to help manage data provenance and ensure authenticity of goods.
At an absolute minimum, companies need to understand the vulnerabilities third-parties create, but ideally this should be expanded to include potentially risky fourth and Nth parties too. They should also re-assess and introduce (if required) greater due diligence for upstream providers. After all, manufacturers can be held accountable for compliance and security issues, even if they’re introduced by partners.
3. Risks around collecting and storing data
Alongside the growing use of new technologies, collection and sharing of data has become a prominent part of the industry. Data helps provide personalised customer experiences, improves products and helps create new ones. In automotive, for example, it’s common for personal data to be collected after the car has been purchased, to help monitor for bugs.
At the same time, the mistreatment of data that has been collected for commercial reasons can lead to infringement of privacy regulations. The global drive towards digital has meant that there are many such regulations that dictate what companies can and can't do with data – and big fines for anyone who violates them. Manufacturers must make sure their digital strategies adhere to these – this may involve giving consumers “the right to be forgotten”, obfuscating their data, disposing of it after a period of time, or questioning whether they need to keep it at all.
4. Risk of disruption to operations
As business-critical infrastructure becomes more complex, connected and data-driven, this can have a significant impact on how businesses should deal with disruption to their operations – in other words, how resilient they are. When NotPetya ransomware reared its head in 2016-17, many of the affected companies – which included manufacturers – resorted to decades-old manual processes to maintain operations. Those companies with newer, more digital processes, were at a complete loss.
While NotPetya seems worlds away from the current pandemic fallout, both incidents underscore the importance of having comprehensive business continuity plans in place. As businesses become more digitally-dependent, they need to understand and put in place measures to operate during, and quickly recover from, a period of disruption.
Understand the risks, reap the rewards
Manufacturers need to accept that while digital transformation has become a necessity, it amplifies the digital risks they face. They can no longer treat cyber-attack, supplier, privacy and resiliency risks as standalone, siloed. Rather, they must continually assess, monitor and manage such risks on a company-wide basis, involving experts and stakeholders from right across the business.