Data-Rich Manufacturing Demands Cybersecurity of the Supply Chain, Too

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader

and Tony Abel, Managing Director
Supply Chain


Few manufacturers would disagree with the view that the Internet of Things, big data integration and other advances in technology are boosting productivity, streamlining supply and distribution channels, and improving product support. But the WannaCry ransomware attack unleashed on businesses, governments and hospitals across the globe last month and the most recent attack this week delivered a sobering reminder that those digital-driven innovations carry very real risk.

That’s especially true for supply chains. Competition and efficiency demands increasingly compel manufacturers to enlist third-party vendors to produce components for an end product, meaning proprietary information and specification data is sent digitally across the globe, ready for cybercriminals to steal and exploit. One recent survey of 1,400+ supply chain professionals found that data security/IT incidents ranked as the most critical risk to supply chains.

Cyber attacks are likely to grow in frequency and severity, according to our recent Flash Report discussing the WannaCry ransomware event. In the report, we highlighted the need for companies to not only adopt a cyber defense, but also to continuously evaluate and improve it to protect against evolving threats. We noted, again, that many organizations continue to ignore cybersecurity – or at best are inadequately addressing it.

Opaque Supply Chains

It makes sense that businesses that are underprepared in their own cyber defenses have even less insight into the cybersecurity of their suppliers. But clearly they should. According to a 2016 presentation given by cyber supply chain risk management specialist Jon Boyens, a program manager with the National Institute of Science and Technology (NIST), 80 percent of all information breaches occur within the supply chain, and almost 60 percent of companies do not have processes for assessing the cyber security of their vendors. Similarly, more than seven out of 10 organizations lack full visibility into their supply chains.

Even more alarming, NIST anticipated that cyber attacks and data breaches would cause nearly half of the manufacturing supply chain disruptions in the next couple of years. Such incidents are costly. NIST estimated that 55 percent of the disruptions incur more than $25 million in damages per incident. In addition, supply chain breaches that steal or alter data could result in substandard products, the loss of intellectual property, and backdoor access into the manufacturer’s systems, all of which could further tarnish an organization’s brand and diminish its value.

Samsung’s recent bout with the flawed batteries that sparked fires in its Galaxy Note 7 phones illustrates the potential damage to a company’s reputation and bottom line. Samsung ultimately identified specifications provided to its suppliers as the culprit, but not before the company took a $5.3 billion hit to earnings and lost consumer trust. How much worse would it have been if a cyber criminal altered the specifications intentionally?

Supplier Checklist

The good news is that manufacturers can mitigate supply chain risks by ensuring that their third-party vendors are pursuing similar cybersecurity efforts as their own. Here are a few fundamental questions that we recommend focusing on when assessing supply chain IT risk:

  • Does the supplier’s culture promote cybersecurity and ransomware awareness throughout the organization? What kind of training are its employees receiving to recognize and address threats?
  • What cyber defenses are in place, and are they sufficient to counter the latest malware threats? Is the supplier up to date on indicators of compromise for recent attacks?
  • How frequently does the supplier conduct cyber risk assessments? Is the regimen sufficient to keep up with the rapidly evolving threats, and does it include defenses to block operational disruptions? Does the supplier consider the risks in its own supply chain (e.g., Tier 2 and Tier 3 suppliers)?
  • Does the supplier have an effective response plan? How often is it updated, and how often does the organization conduct threat simulations as part of its cybersecurity training?

Sound Agreements Needed

Manufacturers and suppliers seeking to reduce supply chain risk also should review contracts to ensure compliance. Items for each party to consider include:

  • Are the supplier’s cybersecurity obligations spelled out clearly in the contract, and does the language extend to the supplier’s subcontractors?
  • Does the contract include assurances that the supplier has the infrastructure to uphold its end of the contract?
  • Who are the executives or managers executing the contract for the supplier? Are they the most appropriate personnel in regards to understanding cybersecurity threats and the supplier’s ability to meet its obligations?

As cyber threats continue to escalate, it is important for manufacturers to gain visibility into their supply chains in order to assess their overall risk-mitigation and response capabilities. The ideas outlined here represent basic but critical actions organizations should be implementing as they strive to secure the increasing amount of sensitive data shared in the production and sourcing processes.

Manufacturers Are Upbeat About 2017 Business Climate Under New Administration

By Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader




Four straight months of manufacturing job growth through March this year and a decidedly more pro-business climate emerging in Washington have given many manufacturers good reason to consider 2017 off to a good start.

According to the National Association of Manufacturers’ (NAM) first economic outlook survey of manufacturers since Trump took office, more than 93 percent were feeling positive. This not only represents a high-water mark in the survey’s 20-year history, but it is also up from 56.6 percent a year earlier, said NAM, which represents some 14,000 U.S. manufacturers of all sizes.

We are keeping an eye on Washington’s actions that could have the most impact on manufactures and their investment plans and operations in the near future, including efforts to roll back regulations, reform taxes and renegotiate the North American Free Trade Agreement (NAFTA). We’re also watching how the proposed infrastructure improvements and healthcare overhaul are playing out. They, too, will have a significant bearing on manufacturing decisions.

Big ideas

As we detailed in our Flash Report on the Trump administration’s first 100 days, the focus on deregulation is of critical importance to manufacturers, 94 percent of whom believe that the regulatory burden has increased over the last five years. The new administration has reversed several of the Obama administration policies on environmental reviews related to energy, infrastructure and other projects. President Trump’s executive order for broad regulatory reform, for example, included a public comment period (now closed) on “misaligned regulatory actions” at the Environmental Protection Agency (EPA) that are believed to have impeded economic growth. Congress is also taking up legislation, supported by manufacturers and other organizations, which would require agencies to develop new regulations in the most cost-effective way possible for companies.

Certainly, the media’s attention on the controversies surrounding the administration, including the executive orders, may temper manufacturers’ enthusiasm moving forward. That’s particularly true if, as has been suggested by political observers, the controversies end up thwarting the chances of enacting tax reform and other administration agenda items this year. Geopolitical risks, from North Korea to European terrorist attacks, also could distract attention away from domestic policy making.

Nevertheless, manufacturing leaders to date largely remain optimistic that Washington is focused on their most important interests. Testifying on May 18 at a hearing on how tax reform could spur the economy and job creation, NAM Chairman David Farr told the U.S. House Committee on Ways and Means that “we have the best chance in more than 30 years to advance permanent pro-growth reforms” and to improve the country’s manufacturing competitiveness globally.

At Protiviti, I’ve heard similar sentiments from manufacturers, who say they could make investments to expand, beef up research and development, or accelerate hiring and salaries if tax reform were to include a lower corporate tax rate, favorable treatment of international earnings, and a strong capital-cost recovery system. In 2015, NAM reported that incorporating those and other beneficial tax policies would generate more than $3.3 trillion in new investment and 6.5 million jobs over a decade.

Questions still remain

While it’s clear that the proposed regulation and tax reforms will benefit manufacturers, the effect of a NAFTA remake remains a big question. A 90-day period in which Congress will consult the administration about its goals for an amended pact began in May, and talks with Canada and Mexico officials could begin by the middle of August. Many economists believe that NAFTA has generally benefited the U.S., and some corporations were concerned that a complete withdrawal from the pact would hurt business.

But similar to the recent narrow trade-deal with China, the president has softened his harsh rhetoric on NAFTA in favor of a more judicious approach. The U.S. has proposed a modernization of the agreements, with new provisions on digital trade, regulations, intellectual property rights and other elements. Additionally, automotive executives and labor alike are lobbying for stronger currency manipulation protections in a new deal. Unions are also pushing for updates to procurement and origin rules to better support U.S. workers.

With regard to infrastructure, manufacturing and distribution companies stand to benefit from proposed infrastructure improvements and construction, although as of now it is unclear how much will take place. President Trump’s first proposed budget calls for $200 billion in infrastructure spending, well below the $1 trillion he campaigned on. Some portions of healthcare reform could help companies, as well, particularly the elimination of a special tax on medical devices. But again, these issues continue to evolve and they merit a watchful eye.

Protiviti’s outlook – stay agile

The turmoil in Washington aside, the overall pro-growth tone coming from government has given companies at least some confidence about the industry sector’s outlook in the coming months. Manufacturers that begin planning today will be ready to strike and reap the rewards when policies are enacted. It is best to stay nimble, however, and prepare to address risks in an environment that has the potential for rapid, even tumultuous change.

“Stay Nimble”: The Mantra for Manufacturing and Distribution Companies in 2017

Sharon LindstromBy Sharon Lindstrom, Managing Director
Manufacturing and Distribution Industry Leader




For manufacturing and distribution (M&D) companies, which are already well-conditioned to operating in an uncertain global environment, 2017 promises to continue to keep them on their toes. At the very least, it is likely to present a mixed bag of new challenges and opportunities, and executives will need to ensure that their organizations are nimble enough to pivot quickly when faced with disruptive change.

Among the challenges that M&D companies may face this year are the potential negative impacts on trade stemming from the “hard Brexit” course that British Prime Minister Theresa May has set for the United Kingdom. Meanwhile, the new Trump administration’s approach to trade is already proving to be a source of consternation for longtime trade partners like China, Canada and Mexico. President Trump has already pulled the United States out of the Trans-Pacific Partnership (TPP) negotiations and is expected to sign an executive order to renegotiate the North American Free Trade Agreement (NAFTA). With the volume of cross-border imports and exports, the impact on M&D companies could be significant.

On the other hand, possible opportunities for M&D companies include easing and/or elimination of certain environmental regulations in the United States. President Trump told auto industry leaders at a recent roundtable that in the U.S. “environmental regulations are out of control.” Less than a week later, he signed an executive order to reduce regulation and control regulatory costs. The order requires that agencies eliminate two regulations for every one they propose. The Environmental Protection Agency is, of course, one of those agencies.

Also among the flurry of executive orders newly inked by Trump is the “Presidential Memorandum Streamlining Permitting and Reducing Regulatory Burdens for Domestic Manufacturing,” which “directs executive departments and agencies … to support the expansion of manufacturing in the United States through expedited reviews of and approvals for proposals to construct or expand manufacturing facilities and through reductions in regulatory burdens affecting domestic manufacturing.” This order is welcome news to manufacturers, especially those that already believed economic conditions under the Trump administration would be favorable to support their new facility or facility expansion plans. Furthermore, this order does not cover the corporate tax reform that is expected in 2017.

In short, there has been no shortage of dramatic change already in the new year. Interestingly, executives at M&D companies sensed months ago that 2017 would likely be another year of economic uncertainty for their industry – though they may not have known the exact kind or level of uncertainty it would bring.

When Protiviti and North Carolina State University’s ERM Initiative embarked on their research for the latest Executive Perspectives on Top Risks Survey, the Brexit vote had not yet taken place, and the major parties in the U.S. presidential election had not yet nominated their candidates. Nevertheless, executives cited the following as the number one and number two top risks for their industry:

  1. Economic conditions in markets we currently serve may significantly restrict growth opportunities for our organization, and
  2. Anticipated volatility in global financial markets and currencies may create significantly challenging issues for our organization to address.

Both of these macroeconomic risks held the same top positions in the previous year’s survey. This, in my opinion, reflects the ongoing challenges that M&D companies face in a global economy. These challenges are driven not only by political uncertainty and trade agreement considerations, but also by supply chain and sourcing vulnerabilities and currency devaluations.

All this underscores why “Stay Nimble” should continue to be the mantra for M&D companies this year. The rapid-fire changes we have seen so far should not lead to paralysis and/or stagnation. The old adage, “When one door closes, another one opens” has never been more true. The events that have unfolded in the first few weeks of 2017 suggest that businesses in this industry group should be prepared to adapt and innovate swiftly to take advantage of the doors that open.