WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles

Building a Culture of Cyber Resilience in Manufacturing (WEF)

The World Economic Forum (WEF) published a playbook that outlines three guiding principles to support manufacturing and supply chain leaders in establishing a culture of cyber resilience throughout their organizations. The WEF playbook recognizes that, over the past decade, manufacturing has been experiencing a swift digital transformation, fueling growth, efficiency, and profitability. This trend has also, however, exposed the sector to a wide range of cyber threats, such that manufacturing has become one of the sectors most targeted by cyberattacks.

The three guiding principles for manufacturing and supply chain leaders to establish a pervasive cyber resilience culture are: prioritizing cyber resilience as a business imperative, integrating cybersecurity into all aspects of the organization, and managing the ecosystem through trusted partnerships and awareness. These principles are interconnected and mutually reinforcing, applicable across various manufacturing sectors and locations. Each principle is defined with additional guidance, contextualized with key considerations, and complemented with real-world manufacturing use cases to facilitate adoption and effective implementation. 

As digitalization progresses, the manufacturing sector must prioritize building a robust cyber resilience culture to navigate the growing cyber threat landscape. To this end, the Centre for Cybersecurity and the Centre for Advanced Manufacturing and Supply Chains of the WEF convened a community of cyber leaders from across the manufacturing ecosystem to discuss key challenges and identify best practices. The community developed this playbook outlining three cyber resilience principles, supported by real-world manufacturing use cases to facilitate adoption and effective implementation. 

The WEF playbook is a pragmatic framework enabling businesses to navigate strategic, organizational, operational, technical, and regulatory challenges. It will foster a robust culture of cyber resilience that can counteract current and future threats.

The upsurge in connectivity and data transparency in the manufacturing ecosystem has expanded the sector’s exposure, making it, for three years in a row, the sector most targeted by cyberattacks, accounting for 25.7 percent, with ransomware comprising 71 percent of these attacks. Given the complexity of modern supply chains, disruptions along the manufacturing process can have system-wide cascading effects, beyond the control of any single entity. The inherent complexities of manufacturing and supply chains demand a holistic approach to mitigating cyber risks. Embedding a culture of cyber resilience in the organization’s DNA is essential.

The WEF playbook detailed that cyberattacks can not only disrupt businesses and supply chains, offsetting the gains from digitalization, but also result in financial, productivity, reputational, and even physical damage. In fact, nearly 57 percent of cyberattacks on OT (operational technology) in 2022 had real-world physical consequences, including production and loading disruptions, fires damaging equipment, and accidents putting shop-floor workers at risk. The tally of cyberattacks continues to surge year after year, with extortion-based attacks remaining a prominent type.

The WEF playbook said that ransomware payments reached an unprecedented $1.1 billion in 2023. “Over the course of 2023 alone, the number of ransomware attacks on industrial infrastructure doubled, posing a significant threat to supply chain and manufacturing operations,” it added.

Ransomware remains the top-of-mind concern for manufacturers, with 40 percent of the Cyber Resilience in Manufacturing survey respondents ranking it first. According to recent research, ransomware attacks on industrial organizations increased by nearly 50 percent in 2023, with 71 percent of attacks directed at manufacturers.

Among the significant risks facing manufacturing organizations, social engineering and phishing ranked as the second most prominent cyber threats overall, identified by 34 percent of survey respondents. Following closely, supply chain attacks secured the third position. Insider threats and denial of service attacks ranked lower in the hierarchy of cyber threats for the survey respondents.

The Cyber Resilience in Manufacturing survey identifies business disruption as the primary impact of cyber incidents, with 60 percent of respondents highlighting its significance. These findings align with the Global Cybersecurity Outlook 2024, where 45 percent of leaders cited operational disruption as their greatest concern in the event of a cyber incident. Safety concerns ranked second, with 35 percent of respondents, followed by potential damage to customer assets. These insights emphasize the profound and far-reaching impact of cyberattacks within the manufacturing sector and the urgent need for robust cybersecurity measures to safeguard its integrity.

The manufacturing sector operates within a complex ecosystem characterized by diverse sites, extensive supply chains, and interconnected networks, which rely on numerous suppliers, vendors, and partners. While the sector reaps the benefits of digitalization and emerging technologies, it also grapples with challenges across five dimensions, each presenting unique hurdles on the path to cyber resilience.

The WEF playbook addresses divergent cultures and resources, increased connectivity and legacy systems, operational sensitivity to downtime and extended ecosystem dependencies, strategic alignment with business priorities, and a widespread and complex regulatory landscape.

Making cyber resilience a core part of the organizational DNA is essential to navigating cyber risks across the manufacturing sector. The industry can use the three guiding principles to support manufacturing and supply chain leaders in establishing a strategy to deliver an overarching cybersecurity culture across their organizations. These principles complement existing frameworks, standards, and regulations and have been formulated after extensive research and consultations with industry leaders and standards and regulatory bodies as well as insights from the Cyber Resilience in Manufacturing initiative. Each principle is supplemented with additional guidance, key considerations, and use cases to facilitate adoption and effective implementation.

The key elements to make cyber resilience a business imperative revolve around cultural change; comprehensive cybersecurity governance; securing budget and resources; and creating incentives to ensure cybersecurity is an objective that all stakeholders relate to. Organizations must ideally lead from the top, establish cybersecurity governance, secure budget and resources, and create incentives. 

Cyber resilience should be integrated ‘by design’ into every process and system. This means treating cyber resilience as a fundamental requirement in developing new products, processes, systems, and technologies. Cybersecurity should be integrated into every process and asset to foster a cyber-resilient environment. Organizations must invest in education and training, include cybersecurity in critical business processes, continuously improve operational assets, and prepare to respond to and recover from any cyber incident.

The WEF playbook also identified that manufacturing organizations need to shift from supply chain to ecosystem security to manage systemic and cascading risks. The manufacturing ecosystem is composed of a variety of stakeholders including raw material and packaging suppliers, production facilities, assembly lines, service providers, original equipment manufacturers (OEMs), vendors, logistics and transportation suppliers, information sharing and analysis centers (ISACs), and regulatory authorities. In the ecosystem, manufacturers are both suppliers and providers of products and/or components. Manufacturing organizations need to establish trusted partnerships by raising security awareness and security posture across the ecosystem. 

In its conclusion, the WEF playbook said that a holistic cyber resilience culture enables manufacturers to maintain consistent and resilient operations, effectively addressing digital challenges while ensuring business efficiency. Integrating cyber resilience into business strategies is fundamental to enable manufacturing organizations to fully leverage the transformative potential of digitalization and innovation.

It added that, recognizing the complexity and scale of integrating cyber resilience across the manufacturing ecosystem, the playbook offers guidance to understand the impact of cyber risk on manufacturing and work together to drive a successful cyber resilience culture in manufacturing.

Last March, the WEF announced that it convened a multistakeholder community to strengthen cyber resilience across the whole manufacturing ecosystem, as the sector remains the ‘most targeted sector’ by cyberattacks. Experts assessed that while digitalization benefitted the manufacturing sector, the gains could be offset by the risks, as manufacturing is the sector most targeted by cyberattacks.
