Cyber risk quantification helps manufacturers translate cyber risks into financial insights, driving smarter investments and governance.
By Shalom Bublil, Kovrr
A quip has circulated amongst cybersecurity experts in recent years, stating that suffering from a cyber event is mostly a matter of when and not if. The manufacturing industry, with its steady migration to the cloud and, therefore, expanding attack surface, is no exception. In addition to the other challenges they handle, including supply chain volatility and geopolitical instability, manufacturers will also have to contend with costly, sophisticated cyber attacks in the upcoming year.
Monetary damages quickly build up in the wake of an event, with the Cyber Risk and Financial Resilience in the S&P 500 report finding that, in the case of a 1-in-10-year event, manufacturers face a median loss of 1.1% of their annual revenue. While this figure is ostensibly small, for an average company on the S&P 500, such as the Ford Motor Company, whose profit amounted to roughly $185 billion in 2024, this level of damage would still reach over $2 billion, an impact that can hardly be ignored at the executive level.
As the potential consequences of these digital threats continue to escalate, manufacturing executives would do well to rethink their traditional approach to cyber risk management and, instead, leverage more objective, quantitative frameworks that can help them make crucial governance decisions and effectively mitigate the fallout of the inevitable incident.
Cyber risk quantification (CRQ) is one such means of elevating cyber risk management practices to this level, as it helps steer manufacturing businesses toward a state of financial resilience. In short, CRQ accounts for the multitude of components that contribute to an organization’s cyber exposure and translates the ensuing analysis into financial terms, giving non-technical stakeholders a tangible understanding of the losses that are likely to be incurred in the upcoming year.
The financial perspective eliminates the need for risk managers to rely on assumptions or subjective descriptions of a particular risk and the urgency with which it needs to be addressed. Instead, they’ll be equipped with concrete information that enables them to prioritize cybersecurity investments according to their real-world impact.
For example, an on-demand CRQ assessment may show that a ransomware attack driven by a phishing scam has a 22% likelihood of occurring and will, on average, end up costing the manufacturing company $20 million. These figures can then be compared to the lesser threat of, say, a third-party business interruption, and the budget can be distributed accordingly.
This transformative capability of CRQ also leads to enhanced communication between cybersecurity teams and key stakeholders, such as the C-suite and the board of directors. When chief information security officers (CISOs) can present risk in terms that these executives are already deeply familiar with, such as financial implications, discussions mature into actionable, strategic plans.
While CRQ can be used to optimize the security budget, it can also be harnessed for higher-level governance decisions, such as defining risk appetite and materiality. Manufacturers operate in a heavily regulated market in which cybersecurity incidents, on top of exposing sensitive data and disrupting production lines, can trigger regulatory scrutiny.
However, without establishing clear, data-driven benchmarks that define how much risk the business can accept, leadership may struggle to balance security investments with business priorities and wind up exposing themselves to compliance violations that erode stakeholder trust and invite increased oversight.
For instance, the US SEC’s cybersecurity regulations, released in 2023, demand that publicly traded manufacturing companies disclose material cyber risks and incidents. Neglecting to quantify what constitutes a material event can result in misjudgments over when disclosures need to be submitted, consequently leading to the overreporting of minor events or, worse, a failure to divulge necessary information.
In terms of defining risk appetite, CRQ equips executives with key metrics, such as Average Annual Loss (AAL) and the 1:100 Worst-Case Loss Scenario, allowing them to establish acceptable financial thresholds for cyber risk. Leadership can assess the probability of losses exceeding these limits and align security policies accordingly, ensuring that risk management efforts are both strategic and proportional to the company’s overall financial resilience goals.
Executives in the industry can no longer afford to treat cyber risk management as a secondary concern or as a technical issue siloed within IT. Indeed, the current cyber risk landscape, which experts forecast will only become more ominous in the upcoming years, poses a direct threat to manufacturing stability and profitability, harboring the potential for crippling losses and regulatory penalties.
To effectively mitigate the impact that cyber risk can have on their organizations, manufacturers must establish cybersecurity as a core focus within the C-suite and the boardroom. CRQ provides the quantified, tangible insights necessary to achieve this feat, translating complex terms into clear financial metrics that allow business leaders to assess their exposure, set loss thresholds, and align security investments with business priorities.
About the Author:
Shalom Bublil is Chief Product Officer at Kovrr and a cyber data science expert. Following his military service, he joined Lacoon Mobile Security, where he led the threat intelligence and threat modeling initiatives. In his last position before founding Kovrr, he led cyber threat intelligence and modeling efforts at Deep Instinct, developing a commercial detection engine product from scratch based on advanced artificial intelligence technology. Shalom holds a B.A. from the Open University of Israel.