Cyber Attacks on Manufacturers Up Globally, But Less Than Half Prepared in Security
PR Newswire
6 min read
Estimated downtime cost individual firms up to US$2M; traditional "air gapping" no longer sufficient
SINGAPORE, Feb. 24, 2025 /PRNewswire/ -- A global study by Omdia has found that 80% of manufacturing firms experienced a significant increase in overall security incidents or breaches last year, but only 45% are adequately prepared in their cyber security.
Omdia surveyed over 500 technology executives worldwide on the convergence of Information Technology (IT) and Operational Technology (OT) – or physical systems – in their core operations, and how they managed cyber security challenges. The report for the study was produced in partnership with Telstra International, the global arm of leading telecommunications and technology company Telstra.
The heightened risk of cyber attacks comes as manufacturers move to leverage IT such as cloud, AI, and Internet of Things (IoT) as part of their digital transformation – a process defined as Industry 4.0. While the convergence of IT with traditional OT can increase scale, resilience and efficiency in operations, it also increases the attack surface for cyber threats. Critical industries are increasingly lucrative targets for cyber exploitation including ransomware.
Manufacturers affected by a cyber attack reported a resilience or availability issue that cost individual firms between US$200,000 and US$2 million, taking the biggest hit when incidents affected enterprise and corporate systems or production control.
Geraldine Kor, Telstra International's Head of Global Enterprise Business, said: "Greater connectivity between IT and OT is necessary to harness advanced technology for manufacturing innovation, but it increases the risks of a breach. However, very few firms are mature in protecting and defending against such cyber risks.
"Our study also uncovered a fragmented approach to security responsibility, which can leave manufacturing businesses without a clear direction. This responsibility must be clear and integrated so that one group or person will have the authority to act on security challenges for mission-critical systems. It is equally important to have the right people and security-focused culture as their absence will hinder security posture readiness, compounding technical challenges."
Ganesh Narayanan, Telstra International's Global Head of Cyber Security, noted that the manufacturing and other industrial sectors historically relied on air gapping for security, where OT systems are typically segregated from corporate IT systems to protect against external threats.
However, this approach is no longer sustainable with increasing IT-OT convergence, which expands the threat surface significantly.
He said: "IT and OT integration create enormous value for organisations across industries, although organisations must address risks to unlock its potential. Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assign responsibility and accountability, leveraging the right tools, and expedite readiness with standards."
Adam Etherington, Senior Principal Analyst at Omdia, said: "Our study illuminates critical attack vectors and lessons learned, and provides timely advice for any executive responsible for IT and OT.
"More pervasive connectivity between IT and OT is essential across greenfield and brownfield manufacturing system design and enhancements. Step change improvements to innovation, availability, safety and security require firms to harness cloud, IoT, AI and private networks, with IT/OT convergence bringing these technologies to life.
"However, most firms have been hit with expensive outages and security incidents while traditional security controls, policies and culture struggle to keep pace. Given the magnitude of downtime costs from any breach or network incident that impacted operations, it's important to better understand the causes for proactive remediation."
Please see "Notes to Editor" below for additional details of the study
#####
About Telstra International
Telstra is a leading telecommunications and technology company with a proudly Australian heritage and a longstanding, growing international business. Telstra International empowers enterprise, government, carrier, and OTT customers with innovative technology solutions. These services are underpinned by our wholly owned subsea cable network, which is the largest in Asia Pacific and includes more than 30 cable systems spanning over 400,000 km, with access to multiple cable landing stations and more than 2,000 points of presence around the world. For more information, please visit telstrainternational.com
Notes to Editor
Key findings
1. Industry 4.0 is the biggest factor driving IT-OT convergence
86% of respondents said connecting IT with OT was important or very important to achieve business outcomes, acknowledging the vital, complementary roles they play. Industry 4.0 was the top factor driving IT-OT convergence in the past two years, with 47% of respondents citing it alongside cyber security, and increasing resiliency and availability.
2. Increase in overall OT security incident with significant financial loss as impact
Four in five, or 80% of respondents, indicated they saw a "significant increase" in overall security incidents or breaches in the past 12 months, with manufacturing firms of different sizes impacted. Respondents were not asked to quantify the level of this increase. 62% of manufacturing firms experienced a resilience or availability issue, typically costing US$200,000 to US$2 million. This cost impact was common across regions.
3. Most attacks started in IT, not OT
The study found Cyber-to-Physical security attacks, referring to IT attacks that impacted OT or operations, accounted for 75% of such incidents. Most attacks took place at the higher level of the IT/OT stack, namely the more advanced layers of the technology systems that are used to process or analyse data. Advanced persistent threats (APT), malware, and distributed denial of service (DDoS) were reported as the most prevalent attacks on OT systems.
4. Only a small percentage of manufacturing firms are 'advanced' in securing IT/OT
Omdia used the NIST and ISA95 frameworks to assess the current maturity of organisations in securing IT/OT convergence. Only 45% of all manufacturers were very prepared for IT/OT converged security across important areas that include securing networking, security awareness, supply chain risks, and cultural issues. 42% were 'somewhat' prepared and 13% were not at all prepared, with no formal process in place.
5. Responsibility for OT security increasingly coming under IT's remit
While historically engineering-led production managers were directly responsible for production and operations in manufacturing, this model is changing as IT-OT convergence gathers momentum. The study shows OT security responsibility is increasingly falling into the remit of Chief Information Security Officers (CISO), and other executives from an IT security background. One in five respondents said their CISO was responsible for understanding and implementing IT/OT converged security in their organisation.
6. More manufacturing companies are outsourcing their IT/OT security
Respondents highlighted challenges in finding skilled and experienced staff who understand both IT and OT from a security perspective, especially in their industry context. As a result, most firms will engage a third party under an outsourcing agreement or with in-house teams to bolster IT/OT-specific security services. North American firms (51%) are most likely to outsource their IT/OT security in the next 18 months, followed by those in Asia Pacific (43%), Europe (37%) and Latin America (37%).
About the Survey
The Telstra International Global Manufacturing Security Services Market Study 2024 was carried out by Omdia in September 2024.
Respondents
513 technology executives responsible for IT or OT security were surveyed
51% were Technology or Security Executives e.g. CIO
