MUNICH—Outdated and unsupported legacy operational technologies (OT) are exposing substantial vulnerabilities for manufacturers facing escalating threats from nation-state attacks, according to a new study conducted by BlackBerry Ltd.

The survey of 1,500 manufacturing IT decision makers across North America, UK, Germany, Japan and Australia revealed that 41 percent of manufacturers anticipate an elevated risk of cyberattack in 2023. In addition, three-quarters of respondents fear nation-state attacks and 65 percent are concerned about foreign governments spying on their facilities. At the same time, 68 percent say OT infrastructure is difficult to defend and 86 percent admit to running core functions on outdated and unsupported legacy operating systems.

“Global manufacturers are headed for stormy waters as nation states up the ante on surveillance,” says Shishir Singh, chief technology officer for cybersecurity at BlackBerry. “The risk of a cyber-incident is high—and rising—yet the industry is hampered by a threat surface that is largely antiquated and difficult to defend. Over the past year, three cybersecurity trends significantly impacted OT and IoT infrastructure: ransomware attacks, phishing attacks and third-party software vulnerabilities.

“Cybersecurity has become a significant barrier to progress, and managers shackled by aging hardware and outdated operating systems are challenged to unify security across old and new to forge ahead with modernization. With aged and isolated equipment, the truth is that it is difficult to put protection into these environments. But not impossible, and with a lightweight footprint and OS agnostic solution, protection can be extended to every eligible endpoint to mitigate this exposure across manufacturing infrastructure.”

BlackBerry’s research revealed that manufacturing IT decision-makers around the world are predominantly concerned with malicious malware attacks (56 percent), followed by phishing attacks (49 percent) and unauthorized access by non-malicious insiders (45 percent). This may reflect that manufacturers are concerned with nation-state threats that seek to create disruption and unplanned downtime, rather than extort ransom payments.

The research also showed that 65 percent of manufacturing IT decision-makers believe the cost of a cyber-breach to be $250,000 or less. Almost half (47 percent) of respondents estimate that business downtime would account for just one-tenth of that cost, while 63 percent point to cyber-incidents resulting in a loss of customers or impacting supplier relationships (59 percent). With unplanned downtime costs soaring due to global inflation and production lines running at a higher capacity, this contrasts with a recent report estimating the true average cost of a data breach in the industrial sector to be more than 16 times higher at $4.24 million.