Industry insights


Manufacturing organizations do not have the same legacy experience as data-intensive industries, such as financial institutions. Today, manufacturing is seeing an acceleration in the pace of technological change evidenced by the digital global supply chain, connected devices such as Human Machine Interfaces (HMI), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT).

How does the manufacturing industry stack up?

2.2 (basic)

The average CyQu rating for manufacturing organizations globally is 2.2/4 (basic).

What this means

This rating indicates that cyber security maturity is at a basic level. Organizational cyber security risk management practices and technologies are not formalized. Risk is managed in an ad hoc and sometimes reactive manner. Risk management practices and technologies are not established.

Explore the most pertinent cyber risks to manufacturing organizations, map them to key cyber security controls, and determine actions your organization can take to close cyber security gaps.

Click below (+) to learn more

*Aon's Cyber Quotient Evaluation (CyQu) is a comprehensive cyber risk assessment that evaluates cyber risk across 9 security domains and 35 critical control areas

Underpinned by proprietary data and expert insights, explore four key risk themes that are prominent to manufacturing organizations today.

Read below to learn more

Navigate new exposures:

Rapid digital evolution

Unsurprisingly, clients in the manufacturing sector have a strong focus on environmental controls. For example, 37% of all organizations have N+1 (parallel redundancy) configuration for critical power systems, fire suppression, and Uninterruptible Power Supply (UPS).

Know your partners:

Third-party risk

Manufacturers are likely to depend upon a large number of third-parties to support their value chain. Yet more than half (57%) of organizations continue to perform ad hoc rollouts, without having formalized a consistent due diligence approach across their organization. What is most concerning, is that 17% have no third-party due diligence at all.

Concentrate on controls:


60% of manufacturers do not implement Two-Factor Authentication (2FA), a critical additional security layer. Without authentication and encryption, 46% of organizations struggle with endpoint logging and monitoring, causing poor visibility into Industrial Control Systems (ICS) and critical operational networks. Most surprisingly of all, manufacturers still fall below the cross-industry average for both incident response and business continuity readiness.

Perfect the basics:


46% of manufacturers do not have a security solution that supports consistent and repeatable data classification. This also impacts their ability to layer additional data protection controls.

Industry insights

Professional services