Downtime is a key performance metric on the mind of nearly all manufacturing and distribution organizations. When downtime occurs, organizations often experience unnecessary expense and loss of revenue. Downtime falls into two categories: scheduled and unscheduled. Scheduled downtime is predictable and planned, including breaks, lunch, shift changes, meetings, etc. Unscheduled downtime varies but includes out-of-stock inventory, equipment malfunction, operator error, and increasingly, cyberattacks. New research by Global Irdeto, a world leader in digital platform security, underlines the importance of cybersecurity and reveals that 79 percent of manufacturing and production organizations surveyed have experienced a focused cyberattack in the past year.

Assisting customers in the manufacturing and distribution space with incident response plans have led us to encourage organizations to focus on a few key areas to prepare for these types of cyber events:

  • Define what risks are acceptable to your organization: A risk assessment is a non-technical consideration that most organizations overlook when considering cybersecurity. It is important for every organization to determine their greatest area of risk to profitability. A defense strategy can then be designed and implemented to this acceptable level of risk. For instance, what is an acceptable level of downtime in the event of a cyberattack? Once that has been determined, the proper controls can be put in place to make sure that systems can be restored in the appropriate time from a cyber incident.
  • Develop an Incident Response Plan (and test it!):  One area often overlooked by many organizations is the ability to recover from a serious incident (physical, weather-related, cyber, etc.). The risks associated with many cybersecurity threats can be mitigated by having a mature Incident Response Plan that meets a recovery time pre-approved by executive management. The key is to make sure there is a clear understanding of what an acceptable level of downtime is to an organization in the event of an emergency, and ensuring plans exist to meet that requirement. For instance, organizations that have a mature and tested plan to restore from backups, in the event of a ransomware attack, can often resume business operations in a short period of time, avoiding a debilitating outage that impacts profitability.
  • Develop a ‘Defense in Depth’ strategy: If you spend much time with cybersecurity professionals, you will often hear the term “defense in depth”. This terminology is used to define a process where organizations do not trust one technology, control, or even IT provider to secure their organization. This strategy makes sure that an organization is protected by multiple lines of defense in the event one line fails.  In the manufacturing world, one key component of this strategy is to ensure your production network is segmented, or separated, from the threats that may be introduced from the administrative network. Keeping the tools and equipment that operate a manufacturing plant separate from other computer systems reduces the likelihood the plant can be shut down from a cybersecurity-related incident. This is just one example of a control that should be implemented in an organization practicing the strategy of ‘defense in depth’.

We Can Help

Brian Kirk is located in the Greenville, South Carolina office of Elliott Davis and has more than 25 years of extensive, high-quality Information Technology and Security experience in various industries, where he held Senior Leadership roles, including Enterprise Architect, Chief Information Security Officer, and Vice President of Technology. If you need assistance or have any questions, please contact him at

The information provided in this communication is of a general nature and should not be considered professional advice.  You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.