Ready or not, the next generation of manufacturing has arrived. Manufacturers are up against coalescing forces of technological disruption, economic uncertainty, globalization and trade upheaval—all of which will shape the manufacturing industry of tomorrow. Today, that means there is a wide array of business risks to identify, evaluate and build into business strategy.
There’s ample reason to believe, however, that 2017 was primed for the beginnings of a manufacturing renaissance. The Institute for Supply Management’s Manufacturing Index inched up to 58.8 in August, beating estimates and indicating the manufacturing economy grew for the 99th consecutive month. New orders, employment and inventories reflect stability, and coupled with the installation of a new administration, vocally committed to boosting U.S. manufacturing competitiveness, momentum seems to be building.
For private equity firms focused on the manufacturing industry, there is more than enough evidence demonstrating that the new industrial revolution should provide an opportunity to drive meaningful returns on investment in the sector. The arrival of Industry 4.0, or the fourth industrial revolution, signifies the next era in manufacturing, in which plants, processes, products and people come together in an entirely new way, blurring the line between the digital and physical. Born out of a confluence of technology disruptions—from Big Data and analytics to the Internet of Things to artificial intelligence—Industry 4.0 ultimately hinges on the ability to integrate data with physical processes.
Arguably, the biggest challenge to implementing an Industry 4.0 strategy is the emergence of new cybersecurity risks on factory floors and in products. The integration of new cyber-physical systems creates more potential access points for bad actors, leading to an entirely new set of security risks.
Cybersecurity broke into U.S. manufacturers’ top five risks this year, according to the recently published 2017 BDO Manufacturing Risk Factor Report, which examines the risk factors in the most recent 10-K filings of the largest 100 publicly-traded U.S. manufacturers across five sectors, including fabricated metal, food processing, machinery, plastics and rubber and transportation equipment.
This year, nearly all (96 percent) manufacturers cited potential security breaches in their filings. That represents a 50-percent jump from just four years ago when 64 percent of manufacturers mentioned them. And there’s good reason for growing concern. According to IBM and Panemon, the average cost of a data breach was $4 million in 2016. Beyond the financial fallout of an attack, companies can experience significant reputational costs in the aftermath of a breach if trust in their brand falters.
On the bright side, the prevalence of cyber-attacks like this year’s WannaCry, Petya and Equifax has shifted the dialogue around how companies approach cybersecurity protections: it’s no longer about if a company will experience a breach, but when. As companies become more reliant on information systems and operational technology, the focus of cyber-strategy is shifting from prevention to incident response and recovery.
Data from our 2017 MPI Internet of Things Study suggests, however, that manufacturers still have room for improvement in their cybersecurity protections, and some could be overconfident. The majority (81 percent) of manufacturers surveyed globally say they’re confident in their current cyber-risk management program to address the security concerns in the increasingly connected manufacturing environment. Yet, more than a quarter (27 percent) said they don’t have or are not sure if they have a security policy in place for their supply chain partners and other vendors.
So, how should that impact the way manufacturing investors evaluate risk? Private equity firms already face an outsized cyber risk due to the nature of managing multiple, often disparate, technology platforms across their portfolio. If a weakness is exploited in one platform, preventing its spread can prove all the more challenging, particularly among manufacturing companies that are increasingly connecting to the cloud. Running an extensive cyber-risk due diligence process on target companies has become a necessity prior to acquisition, which was one of the primary drivers behind BDO’s launch of an IT risk assessment tool early this year.
As manufacturing portfolio companies shift to more connected manufacturing operations, investors must consider the security implications and embed protections into products from design to distribution and everywhere in between. It is imperative that firms build a forward-looking cybersecurity framework that considers the evolving threat environment and cyber risk throughout the entire supply chain. To achieve that, investments should prioritize proactive threat intelligence, detection and rapid response. Cyber risks can also grow exponentially, should an attack occur, so firms should take additional care to ensure financial risk is minimized. That includes ensuring sufficient and appropriate cyber-insurance coverage is in place.
For more information on how BDO can support your cyber-risk management initiatives, contact:
Rick Schreiber is partner and national leader of BDO’s Manufacturing & Distribution practice. He can be reached at firstname.lastname@example.org.
Gregory A. Garrett is head of international cybersecurity in BDO’s Technology and Business Transformation Services practice. He can be reached at email@example.com.