No one can blame manufacturers’ preoccupation with unrelenting COVID economy challenges: workforce shortages, higher pricing, clogged supply chains, capacity-straining customer demand, or worse, inability to regain pre-pandemic market share. I don’t want to pile on, but manufacturers must add cybercriminals to their worry list.
For our cover story “Cyber Insecurities” (page 30), I sat down with three experts: Kevin Pomeroy at USI Insurance Services, Shalin Johnson at Marsh & McLennan Agency, and Jeff Olejnik at Wipfli.
Let me tease out some of the lessons I took away from this fascinating conversation.
It starts with a whopper: Cyber thieves are on track to rake in $10.5 trillion a year by 2025. These are sophisticated terrorist enterprises. But they are also Tony Sopranos who today can set up a successful cybercrime syndicate using tools available on the internet. To make Big Money in this criminal field today, you can execute a sophisticated Fortune 500 heist, or go after 10 smaller companies — with far less sophisticated defenses — and set your ransom for each at a 10th of what you’d ask Target or Medtronic. I know which path I’d take!
So, who are the next pigeons on the cyber mafia’s list? Compelled by regulators, these industries have already built (or are building) robust cyber defenses. How about small- and medium-sized manufacturers who a) doggedly deny the threat and dismiss opportunities to invest in cyber defenses, and b) simply cannot afford to shut down a plant’s production and thus will have little choice but to pay up to these criminals? You tell me.
Cyber insurance is a no-brainer. Every manufacturer reading this should accept the fact that insurance premiums are rising along with increased risk. You’ll read in our discussion how insurers have paid out $1.75 for every $1 they’ve received in premiums over the past year or so. It is an unfortunate cost of doing business for all.
Everyone should also act. IT professionals will start by equipping your systems with defenses like multi-factor authentication. But the most significant action will begin with the understanding that your principal vulnerability lies within your people, not your equipment. Our panelists all agree that companies need to identify companywide awareness of their vulnerabilities, starting with the highest levels of management. Employee training must be more rigorous than merely adding it to check-the-box components of new employee onboarding or circulating a yearly all-staff memo. Everyone must recognize that any step that makes it easier for employees, vendors, or customers to access their system also opens that same door for cyber thieves. Every personal laptop or smartphone that accesses their system may invite unwanted visitors.
I am persuaded that without planful preventative actions, cybercrime will become the biggest threat facing manufacturers within the next half-decade. We’ve noted how cyber-talk in recent focus groups mirrors the way some manufacturers started to squirm at the first long-term prospects of worker shortages. It can’t happen to us, right? Wrong. Rest assured that this is not hyperbole. Consider it, ironically, a data-driven call to action.
Featured story in the Spring 2022 issue of Enterprise Minnesota magazine.