The current trend is for advanced manufacturing companies to use more and more technology in production, gradually blurring the boundaries between manufacturers and technology companies. Ford, for example, now registers more technology patents than Google or Amazon: More than one million lines of code can now be found in the average luxury car, compared to around 1.7 million lines of code in the Windows kernel.

Risk of neglected innovation

Unsurprisingly, leading manufacturing and logistics companies are upgrading their digital technology level. As if competition within these sectors wasn't fierce enough, today's manufacturers and logistics providers are facing new, digitally-enabled entrants pushing into adjacent markets. For example, while carpooling and car sharing have a positive impact on the environment, car dealerships are now struggling to make sales. Innovative start-ups are forcing established companies to rethink their business models and the way they work.

If organizations rest on their laurels and do not react quickly enough to potential disruptive factors, things can quickly go downhill: It is important to weigh up whether it is better to follow tried and tested paths or to try something new and innovative. If you opt for the tried and tested, there is a risk that new, unconventional competitors will overturn your own market position.

Production and logistics companies need to assess the likelihood of a cyber attack and calculate the cost of losing market share to an emerging competitor. Plans to offset these risks are also fundamental. At the same time, however, these same plans may make it necessary to take further risks, such as investing in a new technology or acquiring a start-up.

Extended attack surface

As manufacturing and logistics companies adapt to digital transformation, they need to prepare for the impact it can have in terms of cyber security. Both sectors are already prime targets for attackers seeking to steal their intellectual property or disrupt their operations, including their supply chains.

It can be assumed that the cyber attack risk will increase the more deeply manufacturers and logistics providers integrate sensors and other connected devices into their daily processes. The IoT further increases the potential attack surface and the various points of attack for organizations. A deep understanding of how different technologies are connected to organizations' infrastructure and critical processes is the first step to mitigating risk.

Cyber attacks often bring with them a host of other problems, such as operational disruptions or invasions of privacy. The NotPetya ransomware has taught manufacturers, logistics providers and other companies a hard lesson about how little resilience companies have in reality. NotPetya forced many companies to fall back on old manual processes to keep their operations running. But the companies whose processes were newer and fully digital faced a real problem.

NotPetya has made it clear to companies how important it is not only to have plans for continuous operations, but also to ensure that the plans are effective and available to every employee in the event of a cyber attack. NotPetya has also shown how important it is to have a functioning accident or risk management system and to act quickly in a crisis situation. This can drastically reduce losses and shorten downtimes.

As organizations become increasingly dependent on digital technologies, they need to understand and know how to act in the event of a crisis in order to recover as quickly as possible.

In terms of privacy risk, many of today's digital business strategies aim to target consumers on a very personal level. This type of personalization requires manufacturers to analyze a variety of data points about the end users of their products. At the same time, there are increasing local and global privacy regulations that dictate what companies can and cannot do with customer data - as well as hefty fines for companies that violate them. Manufacturers must therefore ensure that their digital strategies comply with a wide range of data protection regulations: Consumers must have "the right to be forgotten" so that they can force companies to obscure or completely delete their data.

Assessment of ecosystem risks

Last but not least, manufacturers and logistics companies need to address third-party and supply chain risks. Product pedigrees and trust in the supply chain are needed to mitigate the risk of introducing risky technology into products and other forms of tampering. This is why some manufacturers are using blockchain technology to manage product provenance.

To mitigate the risk in the first place requires at least an understanding of the risk potentially posed by third or fourth parties, combined with new levels of due diligence on upstream suppliers. Such an assessment of the risks to the ecosystem can help manufacturers determine whether dual sourcing is an appropriate strategy to mitigate third party and supply chain risks.

Cyber attack risks, resilience risks, privacy risks and third-party risks: they show us the interconnected nature of digital risks in the areas of manufacturing and logistics. The more interconnected these risks are, the greater their impact. Managing these complex digital risks requires manufacturing and logistics organizations to coordinate traditionally siloed functions such as IT, security and risk management, and to use standard processes and frameworks. The organizations that accomplish the difficult task of bringing these functions together are better positioned to drive digital transformation with conviction and reap the benefits of calculated risk.

Heidi Bleau, RSA Fraud & Risk Intelligence