RESEARCH REPORT

INFORMATION TECHNOLOGY RISKS

in
MANUFACTURING INDUSTRY
Information Technology Risks in Manufacturing Industry

AUTHORS

ABSTRACT
The purpose of this report is to determine the Information Technology risks involved in
manufacturing industry. Growth of manufacturing industries nowadays depends primarily on
how quickly they adapt to changes in technology. Old and conventional methods of
manufacturing are now becoming obsolete and use of information technology is becoming vital
in every industry.

Manufacturing was the second-most targeted industry for cyber-attacks in 2015, according to
IBM. While the industry may have flown under the radar as high-profile attacks against the
retail, financial services and healthcare industries made headlines, manufacturers information,
intellectual property and products have become prime targets for cyber criminals.

As manufacturers develop smart products and processes, more data and network entry points are
created every day. To maintain a competitive advantage, manufacturers must contend with both
information technology risks and operating technology risks. Companies are increasingly wary
of product performance problems and liability that can result from system breaches, in addition
to vendor issues and equipment failures.

In this study we are using Delphi method and after interviewing key people of different
manufacturing industries we are trying to analyze impact of IT risks in manufacturing industry

2
Information Technology Risks in Manufacturing Industry

and how to mitigate these risks to achieve competitive advantage by assessing the successful
steps taken by top manufacturing industries.

This study will help us to know the impact of IT risk and how we can overcome them by
learning with experience of key professionals.

INTRODUCTION
A manufacturing business is devoted to the production of tangible objects that are high in quality
and competitive in cost, meet customers' expectations for performance, and are delivered in a
timely manner. In a manufacturing environment that is perhaps changing more rapidly now than
during the Industrial Revolution, competing successfully will require that manufacturers
increasingly provide customers with shorter times between order and delivery and between
product conceptualization and realization, greater product customization, and higher product
quality and performance, while meeting more stringent environmental constraints.
Accomplishing these goals will require major changes in current manufacturing practices such
changes include the use of new and/or more complex manufacturing processes, greater use of
information to reduce waste and defects, and more flexible manufacturing styles.

An enormous amount of information is generated and used during the design, manufacture, and
use of a product to satisfy customer needs and to meet environmental requirements. Thus it is
reasonable to suppose that the use of information technology can enable substantial
improvements in the operation, organization, and effectiveness of information-intensive
manufacturing processes and activities, largely by facilitating their integration. Equipment and
stations within factories, entire manufacturing enterprises, and networks of suppliers, partners,
and customers located throughout the world can be more effectively connected and integrated
through the use of information technology.

3
Information Technology Risks in Manufacturing Industry

Information technology can provide the tools to help enterprises achieve goals widely regarded
as critical to the future of manufacturing, including:

Rapid shifts in production from one product to another

Faster implementation of new concepts in products
Faster delivery of products to customers
More intimate and detailed interactions with customers
Fuller utilization of capital and human resources
Streamlining of operations to focus on essential business needs
Elimination of unnecessary, redundant, or wasteful activities.

Managing information technology (IT) risks is a structured process that involves a series of
activities designed to:

identify risks
assess risks
mitigate risks
develop response plans
Review risk management procedures.

An effective IT risk assessment identifies serious risks, based on the probability that the risk will
occur, and the costs of business impacts and recovery. Having identified risks and likely business
impacts, the development of a business continuity plan can help your business survive and
recover from an IT crisis. A business continuity plan identifies critical business activities, risks,
response plans and recovery procedures.

IT policies and procedures explain to staff, contractors and customers the importance of
managing IT risks and may form part of your risk management and business continuity plans.

Security policies and procedures can assist your staff training on issues such as:

safe email use

setting out processes for common tasks
managing changes to IT systems
Responses to IT incidents.

4
Information Technology Risks in Manufacturing Industry

LITERATURE REVIEW
We reviewed different studies regarding our topic, mentioned below.

L.G. Tornatzky and M. Fleischer (1990) studied about radio frequency identification (RFID)
which is one of the most promising technological innovations, with the potential to increase
supply chain visibility and improve process efficiency. Based on the technologyorganization
environment (TOE) framework of Tornatzky and Fleischer, nine variables (relative advantage,
compatibility, complexity, top management support, firm size, technology competence,
information intensity, competitive pressure, and trading partner pressure) are proposed to help
predict RFID adoption. Data collected from 133 manufacturers in Taiwan was tested against the
proposed research model using logistic regression. The results and implications of this study
contribute to an expanded understanding of the determinants that affect RFID adoption in the
manufacturing industry and risks involved with it as well. But overall RFID technology
induction in manufacturing industry was very helpful.

Suhong Li, Binshan Lin (2000) in their research paper empirically examined the impact of
environmental uncertainty, intra-organizational facilitators, and inter-organizational relationships
on information sharing and information quality in supply chain management. Based on the data
collected from 196 organizations, multiple regression analyses are used to test the factor
impacting information sharing and information quality respectively. It is found that both
information sharing and information quality are influenced positively by trust in supply chain

5
Information Technology Risks in Manufacturing Industry

partners and shared vision between supply chain partners, but negatively by supplier uncertainty.
Top management has a positive impact on information sharing but has no impact on information
quality. The results also show that information sharing and information quality are not impacted
by customer uncertainty, technology uncertainty, commitment of supply chain partners, and IT
enablers. Moreover, a discriminant analysis revealed that supplier uncertainty, shared vision
between supply chain partners and commitment of supply chain partners are the three most
important factors in discriminating between the organizations with high levels of information
sharing and information quality and those with low levels of information sharing and information
quality.

Ila Manuj Ph.D., John T. Mentzer Ph.D.(March 2008) studied risks in global supply chain,
review reveals a few structured and systematic approaches for assessing risks in supply chains.
This paper integrates literature from several disciplines including logistics, supply chain
management, operations management, strategy, and international business - to develop a model
of global supply chain risk management. The implications for stakeholders and how future
research could bring more insights to the phenomenon of global supply chain risk management
are also discussed.

JanOlhager (1998) studied supply chain integration and the two key flows in such relationships
which are material and information. Previous studies have addressed information integration and
material (logistics) integration in separate studies. In this paper, he investigated the integrations
of both information and material flows between supply chain partners and their effect on
operational performance. Specifically, role of long-term supplier relationship as the driver of the
integration was examined. Using data from 232 Australian firms, it was found that logistics
integration has a significant effect on operations performance. Information technology
capabilities and information sharing both have significant effects on logistics integration.
Furthermore, long-term supplier relationships have both direct and indirect significant effects on
performance; the indirect effect via the effect on information integration and logistics
integration.

Uta Jttner, Helen Peck & Martin Christopher (2012) in their study indicated that in recent years
supply chain risk has been pushed to the fore, initially by fears related to possible disruptions
from the much publicized millennium bug. Y2K passed seemingly without incident, though
the widespread disruptions caused by fuel protests and then Foot and Mouth Disease in the UK,
and by terrorist attacks on the USA have underlined the vulnerability of modern supply chains.
Despite increasing awareness among practitioners, the concepts of supply chain vulnerability and
its managerial counterpart supply chain risk management are still in their infancy. This paper
seeks to identify an agenda for future research and to that end the authors go on to clarify the
concept of supply chain risk management and to provide a working definition. The existing
literature on supply chain vulnerability and risk management is reviewed and compared with
findings from exploratory interviews undertaken to discover practitioners' perceptions of supply
chain risk and current supply chain risk management strategies.
6
Information Technology Risks in Manufacturing Industry

Douglas MLambert Martha CCooper (2000) suggested that successful supply chain management
requires cross-functional integration and marketing must play a critical role. The challenge is to
determine how to successfully accomplish this integration. We present a framework for supply
chain management as well as questions for how it might be implemented and questions for future
research. Case studies conducted at several companies and involving multiple members of
supply chains are used to illustrate the concepts described.

Paul R. Kleindorfer, Germaine H. Saad (March 2005) studied two broad categories of risk
affecting supply chain design and management, risks arising from the problems of coordinating
supply and demand, and risks arising from disruptions to normal activities. This paper is
concerned with the second category of risks, which may arise from natural disasters, from strikes
and economic disruptions, and from acts of purposeful agents, including terrorists. The paper
provides a conceptual framework that reflects the joint activities of risk assessment and risk
mitigation that are fundamental to disruption risk management in supply chains. It is then
considered from empirical results from a rich data set covering the period 19952000 on
accidents in the U. S. Chemical Industry. Based on these results and other literature, we discuss
the implications for the design of management systems intended to cope with supply chain
disruption risks.

Christopher Tang , Brian Tom, Lee (2004) articulated that alignment, adaptability, and agility are
the basic ingredients for managing supply chain risks. While it is clear that flexibility (agility)
enhances supply chain resiliency, it remains unclear how much flexibility is needed to mitigate
supply chain risks. Without a clear understanding of the benefit associated with different levels
of flexibility, firms are reluctant to invest in flexibility especially when reliable data and accurate
cost and benefit analysis are difficult to obtain. In this paper, a unified framework and 5 stylized
models are presented to illustrate that firms can obtain significant strategic value by
implementing a risk reduction program that calls for a relatively low level of flexibility. Findings
highlight the power of flexibility, and provide convincing arguments for deploying flexibility to
mitigate supply chain risks.

M. Nishat Faisal, D.K Banwet, Ravi Shankar articulated supply chain risk management
assumes importance in the wake of organizations understanding that their risk susceptibility
is dependent on other constituents of their supply chain. The purpose of this paper is to
present an approach to effective supply chain risk mitigation by understanding the dynamics
between various enablers that help to mitigate risk in a supply chain. Methodology is using
interpretive structural modeling the research presents a hierarchybased model and the
mutual relationships among the enablers of risk mitigation. Findings of this research shows
that there exists a group of enablers having a high driving power and low dependence
requiring maximum attention and of strategic importance while another group consists of
those variables which have high dependence and are the resultant actions. This classification
provides a useful tool to supply chain managers to differentiate between independent and
dependent variables and their mutual relationships which would help them to focus on those
7
Information Technology Risks in Manufacturing Industry

key variables that are most important for effective risk minimization in a supply chain.
Presentation of enablers in a hierarchy and the classification into driver and dependent
categories is unique effort in the area of supply chain risk management.

METHODOLGY

For this project we used Delphi method as a research methodology. Several rounds of
discussions were carried out and responses are aggregated and shared with the group after each
round. The experts are allowed to adjust their answers in subsequent rounds. Since multiple
rounds of questions are asked and the panel was told what the group thinks as a whole, the
Delphi method seeks to reach the correct response through consensus.
The panel comprised of Industry experts from top manufacturing concerns operating in Pakistan.
These manufacturing companies include automotive, FMCG & pharmaceutical industries. The
reason for choosing multiple industry sectors was to have a crystal clear, diversified and in depth
insight of the Information Technology (I.T) risks associated with the supply chain of these
companies.
The panel selected for discussion not only involve Supply Chain experts but it also include the
experts of information technology. The questions involved both the General I.T related risks and
Criminal I.T related risks. General I.T risks involved in manufacturing industry are hardware
failure, software failures, human errors, etc. Whereas Criminal I.T related risks involve Cyber-
attacks, hacking, etc.

8
Information Technology Risks in Manufacturing Industry

ANALYSIS

The results derived from Delphi technique were thoroughly analyzed. In order to make the
research more informative, detailed analysis of all responses was carried out simultaneously. The
inputs from all industry experts are taken into consideration for analysis.

Most important function of Information Technology in supply chain of any sector is to provide
sustainable and reliable cross-functional integration. The main purpose on implementing an IT in
fracture (both hardware and software) is to have real time information of whole system. The two
most important risks identified during the study are:

1. Hardware problems
2. Software Bugs

Hardware issues range from internal to external problems. Internal issues include complete or
partial failure of networking hardware, disruption between links, malfunctioning of servers or
routers and human errors. These risks must be well identified and addressed because the cost
involved in hardware installation and maintenance is very high. The architecture of networking

9
Information Technology Risks in Manufacturing Industry

in fracture is also of core importance. It must be designed efficiently. The most widely used
technique to mitigate hardware risks is Redundancy. Most of the expert told that there must be at
least two or more communication channels among whole company. The important feature of
these channels must be that they can work independently and be able to cater requirement alone.
Another important point identified is that medium of data transfer of redundant channels must
also be different eg. If one is wired the second should be wireless.

IT hardware is also prone to disruptions from external sources. These risks include theft, physical
attacks, problem in submarine lines and natural disasters. Data storage and backup is most
widely used to cater such events

Second problem highlighted during study is software issues. Built-in bugs in soft wares are one
of the major threat to any firms IT infrastructure. Main reasons of these bugs are wrong
understanding of the programmer, incorrect choice of coding language, human error, bugs in
algorithm and use of older version/un-licensed softwares. In order to mitigate this type of risk
companies must have regular updates installed and perform audits frequently.

Security threats are also one of the major risks in IT infrastructure of any firm. These security
threats include data theft, system hacking, system jamming and cyber-attacks. All the IT in
fracture in any firm is prone to both internal and external security threats. However most of
attacks are from external sources. Computer virus, malwares and ransom wares are most widely
used for such attacks. Constant monitoring of system at each layer of networking and latest
updates security softwares are most widely used to mitigate these risks.

Below is the percentage of security issues being faced by different companies in manufacturing
sector:

10
Information Technology Risks in Manufacturing Industry

One of the most important preventive measure that must be taken by all firms to mitigate IT risks
is Employee awarenss and training. As digital transformation in the manufacturing space
continues to accelerate, cyber has become a broad business risk rather than just an IT issue. It
now encompasses nearly every aspect of a companys operations, from R&D to the factory floor,
and the supplier to the customer. In other words, security concerns the entire enterprise
ecosystem and the people that connect all these processes together. Now, more than ever,
manufacturers are exposed to a growing number of potential cyber breach points, spanning
legacy control systems, connected ICS, and interconnected supply chains to name just a few.
However, manufacturers also have to deal with threats posed by their own employees. In a world
of increasingly mobile workforces, ever more ingenious phishing schemes, and a general lack of
awareness regarding the security of digital assets, some manufacturers find their staff to be the
weakest link in the cyber risk chain with four out of the top ten threats attributable to employees.
Every department and all levels of the workforce are exposed to cyber risk, as human touch
points may serve as unwitting doorways for unauthorized or unsecure devices and users. When
asked to characterize the nature of cyber-related incidents experienced in the last 12 months,
surveyed manufacturing executives responded that the highest number of incidents46
percent originated within the organization with 39 percent deriving from external sources and
15 percent attributable to vendors or business partners.

CONCLUSION
After this research on the risks related to Information Technology in manufacturing industry, we
conclude that it is one of the most critical and important risk as for a reliable and sustainable

11
Information Technology Risks in Manufacturing Industry

business and process, both the hardware and software systems of the company should be free
from all kinds of Information Technology risks.

If a manufacturing company is suffered from any hardware or software risk, it not only cost high
for the recovery of the system but also can cause data loss, production loss, high indirect costs,
and poor relationship with the customers for not delivering goods on time due to information
technology problems.

The important findings in the research are that to mitigate, avoid and control the information
technology risks in manufacturing industry, companies should consider the following strategies:

Redundancy Use at least two or more communication channels

Use Different mediums for data transfer - If one is wired the second should be wireless
Always have a backup of important data
Regular updates for installed software and hardware
Perform frequent I.T Audits
Use infrastructure protection devices
Use updated and activated anti-viruses
Employees awareness and trainings
Etc.

Using the above mentioned strategies, manufacturing companies can not only secure their
information technology setup but can also enhance their confidence on their hardware and
software system. It will also prevent the manufacturing industry to bear production and delivery
losses cause by errors and disturbance by information technology.

REFERENCES:

12
Information Technology Risks in Manufacturing Industry

L.G. Tornatzky and M. Fleischer (1990)

Suhong Li, Binshan Lin (2000)

Ila Manuj Ph.D., John T. Mentzer Ph.D.(March 2008)

JanOlhager (1998)

Uta Jttner, Helen Peck & Martin Christopher (2012)

Douglas MLambert Martha CCooper (2000)

Paul R. Kleindorfer, Germaine H. Saad (March 2005)

Christopher Tang , Brian Tom, Lee (2004)

M. Nishat Faisal, D.K Banwet, Ravi Shankar

www.sceincedirect.com

www.solarwindsmsp.com

https://www.cbiz.com/insights-resources/details/articleid/3034/the-top-five-risks-facing-
manufacturers-article

http://www.kone.com/en/investors/capital-and-risk-management/operational-risks/

https://www.stonewoodgroup.com/food_manufacturer_director_information_technology/

13