New Manufacturing Report Ranks Cyber Threat and Supply Chain As Top Concerns

Manufacturers rank cyber threats as high a concern as do companies in other industries, but their perceptions of supply chain risk and methods of measuring and managing cyber risk lag other sectors in notable ways.

The 2019 Marsh Microsoft Global Cyber Risk Perception Survey asked 1,500 managers at leading companies how they view and manage cyber risk in the context of a fast-evolving business landscape.  A comparison of responses by manufacturers to those of other businesses reveals many similarities, but also several key differences:

Cyber Risk Concern Matches All Industries

• 76% of manufacturers rank cyber threats as a top five risk, up from 58% that did so in 2017.
• 79% of all companies rank cyber threats as a top five risk, up from 62% in 2017.

Cyber risk is a top-five concern for manufacturing organizations, with 22% ranking it #1.

However, when asked to rank all other key business risks, manufacturers rank supply chain disruption much higher than other industries do:

• 61% of manufacturers rank supply chain disruption as their 3rd highest business risk.
• Across all industries, 36% of firms rank supply chain disruption as their 7th most critical risk.
• Economic uncertainty is the 2nd most critical risk for both manufacturers (61%) and across all industries (59%).

Cyber risks are the top concern for manufacturing organizations; supply chain disruptions also high on the list.

Manufacturers’ Cyber Confidence is Lower

Manufacturers are less confident in their ability to manage cyber risk today than companies in all industries.  Looking at the three main areas of cyber risk confidence, manufacturers are both less “highly confident” and more “not at all confident” than other firms:

• Understanding/Assessing cyber threats:  20% of manufacturers are not confident, vs. 17% for other industries.
• Preventing cyber-attacks:  24% of manufacturers are not confident, vs. 18% for other industries.
• Responding to cyber-attacks:  26% of manufacturers are not confident, vs. 21% of other industries.

Confidence in cyber resilience measures slipped from 2017 to 2019.

Concern Over Supply Chain Risk, but Not Individual Partners

While manufacturers expressed much higher levels of concern about supply chain disruption than did companies in all industries, manufacturers were not as concerned about risk presented by supply chain partners – a finding that is true across all sizes of firms.

• 30% of all manufacturers perceive risk posed to them by their supply chain, compared to 40% of all industries.
• 17% of all manufacturers believe they may pose risks to their supply chain, compared to 16% of all industries.
• The disparity is even more striking when looking at concern levels by organization size: 

Large manufacturing firms are more likely than smaller manufacturers to perceive a high level of cyber risks posed to their organizations by their supply chain partners.

Approach to Cyber Risk Management Lags Other Industries

Across several key dimensions, manufacturers apply a less strategically rigorous approach to managing cyber risk than do other industries.

• 41% of management roles in manufacturers spend several hours or less on cyber risk per year, compared to 35% for all industries.
• 24% of manufacturing firms measure their cyber risk economically, compared to 31% in other industries.
• 20% of manufacturers have conducted management training in the past 2 years, compared to 30% of all other industries.
• 23% of manufacturers have modeled cyber loss scenarios in the past 2 years, compared to 29% of all other industries.

Fewer manufacturers have implemented key cyber risk resilience actions, focusing instead on technical actions.