Only 0.2 percent of Taiwanese manufacturers have an annual IT security budget of more than NT$3 million (US$100,901) and a dedicated IT security department, Industrial Development Bureau data show.
Five percent of them have an annual IT security budget of more than that amount, but no dedicated IT security team, while the remaining 95 percent have neither a sufficient IT security budget nor dedicated in-house IT security talent.
In 2019, the average IT security budget of companies in the information and electronics industry and in the metal and machinery sector was less than NT$1 million, while the average budget in the financial services and healthcare industries reached NT$22 million and NT$8 million respectively.
This difference in IT security investment is because the latter industries are heavily regulated, including the required IT security measures, while the former are not.
Many CEOs of Taiwan’s small and medium-sized manufacturers understand and recognize, in concept, the importance of IT security investment, but when the time comes to open their checkbooks to act on the idea, they balk.
This is for one simple, but powerful reason: The return on investment (ROI) of IT security investment often cannot be quantified.
Whenever a company’s IT department proposes a plan to strengthen its security, the CEO is likely to ask some variant of the following question: By exactly how much would the proposed plan improve IT security?
Such a question is perfectly reasonable from the standpoint of corporate governance, but is it impossible for the IT department, as well as any other players in the field, to quantify the expected improvement and answer the question satisfactorily.
IT security technologies cannot quantitatively estimate the degree of vulnerability of a company’s IT environment. In the end, because the ROI of the proposed IT security enhancement plan is unclear, it is given a lower priority and might eventually fall through the cracks.
The most effective way to increase a manufacturer’s investment in IT security is to tie it to or align it with its business objectives.
The ongoing China-US trade dispute provides such an example.
Supply chain security has long been a concern, but became a real and pressing issue after the dispute started under former US president Donald Trump and the SolarWinds attack in 2020.
A modern, sophisticated product might consist of hardware and software components provided by dozens or even hundreds of suppliers. To ensure a finished product’s overall security, its manufacturer needs to ensure that its own IT environment, as well as components from suppliers and their IT environments, are secure.
Leaders of large manufacturing ecosystems, such as Boeing, General Motors and Taiwan Semiconductor Manufacturing Co (TSMC), are beginning to devise supplier IT security standards and guidelines, and include them in their routine quality audit programs to ensure that ecosystem members deploy proper cybersecurity defense measures in their IT environments.
With such a mandate in place, the CEO of a supplier now sees IT security investment not as something that is “good to have,” but as something their company “must have,” because the investment becomes an essential element of product development and competitiveness.
That is, the associated ROI is not only clear, but also compelling.
The government should leverage this supply chain management trend to steer the country’s small and medium-sized manufacturers toward increasing their IT security investments. Specifically, it should borrow supplier IT security standards, guidelines and auditing procedures from world-class supply chain leaders, such as TSMC, codify them into a reference plan on supply chain security assurance and provide it for free to local industry associations, incentivizing them to apply it to their supply chain management.
Taiwan’s manufacturing industry has a chance to not only strengthen its internal IT security, but also enhance the global competitiveness of its products.
Chiueh Tzi-cker is a joint appointment professor in the Institute of Information Security at National Tsing Hua University.
When it became clear that the world was entering a new era with a radical change in the US’ global stance in US President Donald Trump’s second term, many in Taiwan were concerned about what this meant for the nation’s defense against China. Instability and disruption are dangerous. Chaos introduces unknowns. There was a sense that the Chinese Nationalist Party (KMT) might have a point with its tendency not to trust the US. The world order is certainly changing, but concerns about the implications for Taiwan of this disruption left many blind to how the same forces might also weaken
As the new year dawns, Taiwan faces a range of external uncertainties that could impact the safety and prosperity of its people and reverberate in its politics. Here are a few key questions that could spill over into Taiwan in the year ahead. WILL THE AI BUBBLE POP? The global AI boom supported Taiwan’s significant economic expansion in 2025. Taiwan’s economy grew over 7 percent and set records for exports, imports, and trade surplus. There is a brewing debate among investors about whether the AI boom will carry forward into 2026. Skeptics warn that AI-led global equity markets are overvalued and overleveraged
Japanese Prime Minister Sanae Takaichi on Monday announced that she would dissolve parliament on Friday. Although the snap election on Feb. 8 might appear to be a domestic affair, it would have real implications for Taiwan and regional security. Whether the Takaichi-led coalition can advance a stronger security policy lies in not just gaining enough seats in parliament to pass legislation, but also in a public mandate to push forward reforms to upgrade the Japanese military. As one of Taiwan’s closest neighbors, a boost in Japan’s defense capabilities would serve as a strong deterrent to China in acting unilaterally in the
Taiwan last week finally reached a trade agreement with the US, reducing tariffs on Taiwanese goods to 15 percent, without stacking them on existing levies, from the 20 percent rate announced by US President Donald Trump’s administration in August last year. Taiwan also became the first country to secure most-favored-nation treatment for semiconductor and related suppliers under Section 232 of the US Trade Expansion Act. In return, Taiwanese chipmakers, electronics manufacturing service providers and other technology companies would invest US$250 billion in the US, while the government would provide credit guarantees of up to US$250 billion to support Taiwanese firms
RSS