Only 0.2 percent of Taiwanese manufacturers have an annual IT security budget of more than NT$3 million (US$100,901) and a dedicated IT security department, Industrial Development Bureau data show.
Five percent of them have an annual IT security budget of more than that amount, but no dedicated IT security team, while the remaining 95 percent have neither a sufficient IT security budget nor dedicated in-house IT security talent.
In 2019, the average IT security budget of companies in the information and electronics industry and in the metal and machinery sector was less than NT$1 million, while the average budget in the financial services and healthcare industries reached NT$22 million and NT$8 million respectively.
This difference in IT security investment arises because the latter industries are heavily regulated, with required IT security measures among the regulations, while the former are not.
Many CEOs of Taiwan’s small and medium-sized manufacturers understand and recognize, in concept, the importance of IT security investment, but when the time comes to open their checkbooks to act on the idea, they balk.
This is for one simple, but powerful reason: The return on investment (ROI) of IT security investment often cannot be quantified.
Whenever a company’s IT department proposes a plan to strengthen its security, the CEO is likely to ask some variant of the following question: By exactly how much would the proposed plan improve IT security?
Such a question is perfectly reasonable from the standpoint of corporate governance, but it is impossible for the IT department, as well as any other players in the field, to quantify the expected improvement and answer the question satisfactorily.
IT security technologies cannot quantitatively estimate the degree of vulnerability of a company’s IT environment. In the end, because the ROI of the proposed IT security enhancement plan is unclear, it is given a lower priority and might eventually fall through the cracks.
The most effective way to increase a manufacturer’s investment in IT security is to tie it to or align it with its business objectives.
The ongoing China-US trade dispute provides such an example.
Supply chain security has long been a concern, but it became a real and pressing issue after the dispute started under former US president Donald Trump and after the SolarWinds attack in 2020.
A modern, sophisticated product might consist of hardware and software components provided by dozens or even hundreds of suppliers. To ensure a finished product’s overall security, its manufacturer needs to ensure that its own IT environment, as well as components from suppliers and their IT environments, are secure.
Leaders of large manufacturing ecosystems, such as Boeing, General Motors and Taiwan Semiconductor Manufacturing Co (TSMC), are beginning to devise supplier IT security standards and guidelines, and include them in their routine quality audit programs to ensure that ecosystem members deploy proper cybersecurity defense measures in their IT environments.
With such a mandate in place, the CEO of a supplier now sees IT security investment not as something that is “good to have,” but as something their company “must have,” because the investment becomes an essential element of product development and competitiveness.
That is, the associated ROI is not only clear, but also compelling.
The government should leverage this supply chain management trend to steer the country’s small and medium-sized manufacturers toward increasing their IT security investments. Specifically, it should borrow supplier IT security standards, guidelines and auditing procedures from world-class supply chain leaders, such as TSMC, codify them into a reference plan on supply chain security assurance and provide it for free to local industry associations, incentivizing them to apply it to their supply chain management.
Taiwan’s manufacturing industry has a chance to not only strengthen its internal IT security, but also enhance the global competitiveness of its products.
Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.