The Cost of Cyberattacks in Manufacturing

Manufacturers are increasingly targeted by ransomware attacks due to the necessity and intricate nature of their operations. With their crucial role in the global supply chain and reliance on “just in time” inventory levels and delivery expectations, manufacturers have little tolerance for downtime. Unfortunately, recovering from a cyberattack can be both costly and time-consuming.

In some instances, the malware infiltrates production systems, leading manufacturers to temporarily shut down their physical systems as a precautionary measure. This becomes a lucrative strategy for cybercriminals who understand that organizations may be more inclined to pay ransom demands rather than endure prolonged operational disruptions while attempting to regain access. From the significant financial implications to the disruptive effect on operations, the cost of cyberattacks in manufacturing cannot be overstated. As organizations continue to grapple with the relentless threats, proactive measures and heightened cybersecurity practices are imperative to mitigate risks and safeguard against future attacks.

In early 2019, Norsk Hydro, a global leader in light-weight metals production, suffered a devastating cyber-attack. This malicious act not only forced the company to halt some of its operations, but also required a switch to manual operation, resulting in staggering costs of $52 million.

Not long before that, in 2018, TSMC, a prominent manufacturer in Taiwan, was also hit by a harmful cyber-attack. The consequences were severe as it disrupted their production, leading to estimated losses of $170 million.

The financial impact of these attacks goes beyond immediate losses. The downtime in manufacturing capacity has a compounding effect that can reverberate in various ways. It affects insurance premiums, damages brand reputation, lowers share prices, and erodes consumer confidence, thereby resulting in heightened costs for many years to come.

Disruptive 2023 Cyberattacks

On Monday, September 18th, 2023, Clorox issued a warning about the significant financial impact stemming from a cyberattack that occurred on August 14th, 2023, leading to ongoing production disruptions. Known for its bleach products and Pine-Sol, Clorox expressed uncertainty about when it will be able to resume full operations and restore normalcy in its production. The cybersecurity breach has already affected Clorox’s fiscal first-quarter results due to product outages and delays. Nonetheless, the company assured that it has contained the threat and aims to gradually restore its systems starting next week, with the goal of eventually returning to full production.

The attack on Clorox was disclosed on August 14, prompting the company to take its systems offline and involve law enforcement. Unfortunately, a month later, the attack is still causing widespread disruption, forcing manual procedures and scaling back order processing. Consequently, fewer products are making their way onto store shelves. In response, Clorox shares traded approximately 1% lower, as investors reacted to the fallout from the cyberattack.

Notably, Clorox is not the only manufacturing company grappling with cyberattacks in 2023. In May 2023, car manufacturer Suzuki had to halt operations at a plant in India due to a cyberattack. According to sources from Autocar, production has been stalled since Saturday, May 10, resulting in a loss of over 20,000 vehicles. The identity of the attackers remains undisclosed by Suzuki. In total, the auto industry is projected to lose $24 billion from cyber-attacks just this year.

In June 2023, snack and confectionary manufacturer Mondelez, the parent company behind beloved brands like Oreo, Chips Ahoy!, Sour Patch Kids, Toblerone, Milka, and Cadbury, notified its employees about a compromise of their personal information. Approximately 51,110 employees are believed to have been affected by this incident. It is concerning to note that the breach occurred in February, but was only discovered three months later in May. This unfortunate incident cost Mondolez $100 million in downtime and serves as a reminder of the importance of cybersecurity and the need for constant vigilance in protecting sensitive personal information.

In September 2023, Topgolf Callaway, a US golf club manufacturer, experienced a significant data breach impacting more than one million customers. The stolen data encompassed a range of personal information, including full names, shipping addresses, email addresses, phone numbers, account passwords, and security question answers. Such an unfortunate incident calls for immediate attention and reinforces the importance of safeguarding your customers’ personal data.

In October 2023, car manufacturer Toyota disclosed a concerning security breach. Nearly 300,000 customers utilizing their T-Connect telematics service have had their email addresses and customer control numbers compromised. What’s reassuring is that Toyota assured their customers that their financial data, such as credit card information, names, and telephone numbers, remains untouched. This security breach started back in July 2017, and Toyota advised all customers to stay vigilant against potential phishing emails.

To mitigate vulnerability to cyberthreats, manufacturers should adopt several key practices. First, developing secure backups and establishing business continuity and disaster recovery plans will prove invaluable in the event of an attack. Additionally, considering cyber insurance can help cover the costs associated with investigating, remediating, and responding to cyberattacks.

Prevention is key, and manufacturers should conduct regular security audits, update and patch systems consistently, and implement multi-factor authentication processes. Equally important is continuous education and training for personnel. By familiarizing employees with the nature of cyberthreats, emphasizing the consequences of breaches, and educating them on their role in defending against these threats (e.g., recognizing phishing attempts and practicing secure data management), companies can significantly enhance their cybersecurity posture.

It is essential that manufacturers recognize the ever-present danger of cyberattacks and prioritize the implementation of comprehensive security measures. If needed, they should also seek manufacturing financing to invest in robust cybersecurity measures to safeguard their operations, finances, and reputation.

Your privacy is important to us. ARF Financial will never sell or rent your information to any third party. Click here for more information about our privacy policy.