Industrial companies are greatly increasing their use of data management tools both as a response to Covid-19 workforce reduction issues, and due to the productivity improvements good data monitoring, analysis and control can provide. Annual spending on these tools is forecast to increase from $5b/year today to $20b/year by 2026.
Meanwhile, Kaspersky detailed a series of attacks in Japan, Italy, Germany and the UK which targeted suppliers of equipment and software for industrial companies.
As digital tools become ever more integrated into business operations, the corresponding increase in the threat surface requires ever more attention and resources to be devoted to the management of digital risks. Industrial companies will be increasingly exposed to these risks as the trend towards more automation of the entire manufacturing cycle—from planning, to execution, to monitoring—is digitized.
Also, as the amount of active human control over these processes decreases, the amount of control each individual human has over the system increases, which also increases the amount of damage that can be caused to systems through a single breach. This puts an ever-greater importance on the need to adequately invest in cyber governance at all levels, including people and process. Cyberhedge analysis indicates there is an average 20 percent drop in operating margins for companies experiencing a cyber-related operational disruption like ransomware. And as Kaspersky points out, attacks on industrial systems are becoming ever more targeted and sophisticated.
Ransomware-based operational disruptions have proven extremely costly in recent years to companies such as Norsk Hydro, Mondelez and Maersk. According to Bloomberg market data analysis, Mondelez lost $10.2 billion in shareholder value relative to the broad US market in the year following the breach, equal to 15 percent of the company’s total value. Looking at performance relative to global food peers, Mondelez underperformed by 10 percent in the year following the breach, equivalent to $6.8 billion dollars. A NotPetya attack disrupted Maersk’s operations for 2 weeks, resulted in a 20% reduction in shipping volume during the outage, caused $300m in direct economic damage. By Cyberhedge’s analysis, this led to $8.4b in value loss to Maersk shareholders. Operational-disruption breaches like this also take on average six months for the share price to recover. In other cases like Pitney Bowes, it may never recover to pre-breach levels.