The impact of cybersecurity on the packaging industry

The graphic below details cybersecurity areas where packaging materials producers, packaging converters, filling and packaging companies, and wholesale, distribution and logistics companies should focus their time and resources. We suggest that packaging companies invest in technologies that are shaded in green, explore the prospect of investing in technologies shaded in yellow, and ignore areas shaded in red.

Packaging companies should invest in cybersecurity across packaging conversion and fillings and packaging, as these are the main areas they can control. The further upstream and downstream the value chain, the more difficult it becomes to gain direct control. However, packaging companies across the value chain should synchronise cybersecurity measures, ensuring optimal threat detection and security measures are in place.  

Companies throughout the cybersecurity value chain are increasingly becoming aware of supply chain vulnerabilities as sectors become more digitalised and are working with packaging companies to resolve them. Threat detection and response, cloud security, data security, vulnerability management, post-breach response services, and risk and compliance are the most important segments of the cybersecurity value chain for the packaging industry. Packaging companies increasingly use cloud servers for delivery management, storing more data virtually than ever before. There is a risk of supply chain sabotage if cybersecurity measures are not implemented. 

The manufacturing sector is rapidly becoming digitalised. Some 79% of companies have implemented smart technologies on their processing lines, 64% on their assembly lines, and 60% at end-of-line packaging, according to a March 2021 survey from the Packaging Machinery Manufacturers Institute (PMMI). This shift towards adopting technology throughout the supply chain has brought manufacturing to new levels of efficiency and productivity. However, the packaging sector’s digitalisation is moving faster than the pace of its cybersecurity adoption. Manufacturers are keen to adopt innovations that could streamline their processes but typically do not give enough consideration to cybersecurity. This results in vulnerable networks that are likely to be targets of intrusion and tampering from outside forces. 

According to IBM, manufacturing is the second most targeted industry by cybercriminals, yet one of the least prepared. Package assembling is often the last step of the manufacturing process, where automated machinery accounts for 60% of end-of-line packaging. According to the PMMI, in 2020, 88% of all small business owners in the manufacturing sector felt their business was vulnerable to a cyberattack, 28% of all cybersecurity breaches occurred at small businesses, and 10% of small businesses had to shut down permanently due to cybersecurity breaches. Thus, small packaging companies must adopt appropriate cybersecurity measures where possible, as they have proven to be frequent targets of attacks.  

Cybersecurity attacks are especially alarming as there are increasing costs to manufacturers that experience a cyberattack. The PMMI reported that in 2020, the average cost of a cyberattack was approximately $3.7m before factoring in secondary impacts, including tarnished reputation and damaged customer loyalty. It often takes manufacturers a significant amount of time to identify, isolate, and resolve a cyberattack. The PMMI has noted that it took, on average, 280 days to identify and resolve a cyberattack in 2020. Therefore, packaging operations should make cybersecurity a crucial part of their digital transformation strategy to increase access controls and risk monitoring as the sector digitalises.  

Cybersecurity for packaging companies involves every connection at an operation, contrary to the simplified belief that cybersecurity primarily involves email scams and log-in hacking. All sensors, machines, and networks are potential pathways for cybercriminals. Cyberattacks can target either information technology (IT) systems or operation technology (OT) networks. An OT attack can target sensors on the production line, such as industrial control systems, including supervisory control and data acquisition (SCADA) and human-machine interface (HMI) panels, and unsecured programmable logic controllers (PLCs). 

Source: GlobalData Thematic Intelligence

The Covid-19 pandemic gave businesses an unprecedented opportunity to implement profound changes to the way they work. The pandemic will leave a legacy, from digitising processes and reshaping supply chains to redesigning offices. For manufacturers, technology will play an increasingly prominent role in building resilience as 83% of firms are struggling to ensure the security of remote working systems due to the pandemic and may be prone to cybersecurity breaches, according to PwC.  

Automated processes and the use of robotics are not uncommon in the packaging sector, where both are digitally controlled by virtual reality (VR), augmented reality (AR), AI, IoT, and cloud services. The increasing reliance on digital systems for efficiency, safety, and quality, makes cybersecurity more critical than ever. Packaging robots remain expansive and lack the flexibility necessary for integration into a working environment. 

The ongoing conflict in Ukraine has resulted in a wide-reaching international response to limit the ability of Russian individuals and companies to trade outside its borders. Tools such as sanctions and asset freezes have been enacted to constrict Russian companies from trading globally. The conflict in Ukraine is yet another external threat that compounds fast-rising input prices, resurgent post-Covid demand, supply disruptions, and cyberattacks. As Russia’s invasion of Ukraine continues, concern is mounting that the conflict will unleash a fresh wave of cyberattacks worldwide and in the packaging sector. The Ukraine-Russia conflict is a potential cybersecurity risk as several companies may find they need to pivot from original trade routes with approved vendors and work with new companies. This could represent a potential cybersecurity threat due to a lack of operational understanding of new vendors.