Only 0.2 percent of Taiwanese manufacturers have an annual IT security budget of more than NT$3 million (US$100,901) and a dedicated IT security department, Industrial Development Bureau data show.
Five percent of them have an annual IT security budget of more than that amount, but no dedicated IT security team, while the remaining 95 percent have neither a sufficient IT security budget nor dedicated in-house IT security talent.
In 2019, the average IT security budget of companies in the information and electronics industry and in the metal and machinery sector was less than NT$1 million, while the average budget in the financial services and healthcare industries reached NT$22 million and NT$8 million respectively.
This difference in IT security investment exists because the latter industries are heavily regulated, including in the IT security measures they are required to adopt, while the former are not.
Many CEOs of Taiwan’s small and medium-sized manufacturers understand and recognize, in concept, the importance of IT security investment, but when the time comes to open their checkbooks to act on the idea, they balk.
This is for one simple, but powerful reason: The return on investment (ROI) of IT security investment often cannot be quantified.
Whenever a company’s IT department proposes a plan to strengthen its security, the CEO is likely to ask some variant of the following question: By exactly how much would the proposed plan improve IT security?
Such a question is perfectly reasonable from the standpoint of corporate governance, but it is impossible for the IT department, as well as any other players in the field, to quantify the expected improvement and answer the question satisfactorily.
IT security technologies cannot quantitatively estimate the degree of vulnerability of a company’s IT environment. In the end, because the ROI of the proposed IT security enhancement plan is unclear, it is given a lower priority and might eventually fall through the cracks.
The most effective way to increase a manufacturer’s investment in IT security is to tie it to or align it with its business objectives.
The ongoing China-US trade dispute provides such an example.
Supply chain security has long been a concern, but became a real and pressing issue after the dispute started under former US president Donald Trump and the SolarWinds attack in 2020.
A modern, sophisticated product might consist of hardware and software components provided by dozens or even hundreds of suppliers. To ensure a finished product’s overall security, its manufacturer needs to ensure that its own IT environment, as well as components from suppliers and their IT environments, are secure.
Leaders of large manufacturing ecosystems, such as Boeing, General Motors and Taiwan Semiconductor Manufacturing Co (TSMC), are beginning to devise supplier IT security standards and guidelines, and include them in their routine quality audit programs to ensure that ecosystem members deploy proper cybersecurity defense measures in their IT environments.
With such a mandate in place, the CEO of a supplier now sees IT security investment not as something that is “good to have,” but as something their company “must have,” because the investment becomes an essential element of product development and competitiveness.
That is, the associated ROI is not only clear, but also compelling.
The government should leverage this supply chain management trend to steer the country’s small and medium-sized manufacturers toward increasing their IT security investments. Specifically, it should borrow supplier IT security standards, guidelines and auditing procedures from world-class supply chain leaders, such as TSMC, codify them into a reference plan on supply chain security assurance and provide it for free to local industry associations, incentivizing them to apply it to their supply chain management.
Taiwan’s manufacturing industry has a chance to not only strengthen its internal IT security, but also enhance the global competitiveness of its products.
Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.