Cybersecurity in the context of industry 4.0: A structured classification of critical assets and business impacts

Abstract An increasing number of cybersecurity breaches adversely affect business performance, by leveraging the vulnerabilities of networked manufacturing machines. In some cases, cyber-attacks on critical industrial equipment are able to undermine the corporate business model. Knowing and evaluating in advance the main critical assets to be protected from potential cyber-attacks and the business impacts that could occur is a source of competitive advantage. Through the analysis of literature and an ethnographic research approach, this study proposes a structured classification of critical industrial assets within Industry 4.0 and potential adverse impacts on business performance due to breaches of cybersecurity. In particular, cybersecurity is analysed in terms of loss of confidentiality, integrity and availability of data associated with networked manufacturing machines. It is also suggested how critical assets and business impacts are correlated and how business impacts can be assessed. The proposed results can be organized in four steps for supporting companies in making decisions on cybersecurity policies. Moreover, both industry and academia can benefit from these results to conduct future analysis and investigation activities in the field of cybersecurity.