2021 Manufacturing Data Risk Report

The 2021 Manufacturing Data Risk Report is the third report in our annual series analyzing industry-specific threats, trends, and solutions.

This report focuses on the growing cybersecurity threats facing industrial manufacturers and engineering firms. We compiled our findings by analyzing 4 billion files across 50 organizations.

Many of our findings are further broken down by company size:

1. Small: 0–500 employees
2. Medium: 501–1,500 employees
3. Large: 1,501+ employees

This report aims to help manufacturing organizations assess the current cybersecurity landscape objectively and provide advice that companies can leverage to decrease their attack surface.

KEY FINDINGS

Threats against the manufacturing sector continue — from big game ransomware groups that steal victim’s data before encrypting it, to nation-state attackers seeking technology secrets, to company insiders looking for information to grab and sell to the highest bidder. Recent news headlines show how crippling ransomware attacks can halt assembly lines and disrupt supply chains.

Overexposed information — especially sensitive data – exponentially increases risk. This exposure is your “blast radius” — think of it as all the damage an attacker can do once inside your environment. If just one employee clicks on a phishing email, an attacker can potentially access every file an employee can touch. When a company insider decides to go rogue, they can take their time and steal valuable information to exploit for personal gain.

We sought to understand the extent to which the manufacturing sector is protecting its sensitive information from these evolving threats.

We found that every employee can access, on average, 6 million files on their first day on the job. We also found that, on average, over 27,000 sensitive files are open to everyone in a company.