
[2026 Enterprise Security Survey] 2026 Enterprise Security Risks for General Manufacturing in One Chart

iThome News

The 2026 iThome CIO & CISO survey reveals that general manufacturing enterprises face more high-impact, high-risk threats than high-tech manufacturers, with 11 items in the first quadrant. The sector is rapidly adopting generative AI but lacks corresponding governance frameworks, making LLM-related risks particularly acute. Phishing, BEC, and ransomware remain top threats, while LLM data leakage has newly entered the critical risk zone.

Summary

The 2026 iThome CIO & CISO Enterprise Security Survey highlights that general manufacturing enterprises share the same primary and secondary risks as high-tech manufacturers, but their risk profile is more severe. General manufacturing has 11 items in the first quadrant (high-impact, high-risk), more than high-tech manufacturing. These include 4 system-type risks, 6 personnel-type risks, and 1 AI-type risk.

A significant finding is that general manufacturing is aggressively pursuing generative AI and AI agent applications, but the sector's AI readiness has not kept pace. Adoption rates for responsible AI frameworks are low, and AI governance maturity is limited. As a result, CIOs and CISOs in general manufacturing express greater concern about generative AI incidents than their counterparts in high-tech manufacturing.

The most notable AI-specific risk is LLM applications leaking sensitive data, which has entered the first quadrant, meaning CIOs believe it is likely to occur at least once in the coming year. LLM hallucinations causing human misjudgment currently sits near the boundary between the fourth and first quadrants, suggesting that as reliance on LLM applications grows, this risk could quickly escalate into a high-impact, high-probability threat.

The top priority risk for general manufacturing remains phishing and social engineering, followed by business email compromise (BEC) and ransomware incidents — threats shared with high-tech manufacturing. The survey was conducted online from January 1 to January 29, 2026, collecting 396 valid responses from IT leaders at large Taiwanese enterprises, government agencies, and universities, with 57% of respondents being the highest-level cybersecurity executives at their organizations.

About this episode

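The primary and secondary risks for general manufacturing in 2026 are the same as those for high-tech manufacturing, but general manufacturing has more items in the high-impact, high-risk first quadrant than high-tech manufacturing: 4 system-type risks, 6 personnel-type risks, and 1 AI-type risk.

This year general manufacturing has also begun actively catching up with the generative AI wave and is willing to invest in the latest AI agent applications, but the sector's ability to respond to AI has not kept up: adoption of responsible AI frameworks is low, and the level of AI governance is not high either. Enterprise CIOs and CISOs are therefore more worried than their high-tech manufacturing counterparts about generative AI incidents occurring.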

Key Insights

  • General manufacturing enterprises have 11 items in the high-impact, high-risk first quadrant — more than high-tech manufacturers — comprising 4 system risks, 6 personnel risks, and 1 AI risk.
  • The survey found that general manufacturing CIOs and CISOs are more worried about generative AI incidents than their high-tech manufacturing peers, specifically because AI governance and responsible AI framework adoption in the sector remain underdeveloped.
  • LLM applications leaking sensitive data has newly entered the first quadrant for general manufacturing in 2026, meaning CIOs assess it as highly likely to occur at least once within the year.
  • LLM hallucination-induced human misjudgment currently sits near the boundary of the fourth and first quadrants, but the authors warn this risk could rapidly escalate into a high-impact, high-probability threat as LLM dependency increases in the sector.
  • Despite sharing the same top threats as high-tech manufacturing — phishing/social engineering, BEC, and ransomware — general manufacturing's weaker AI governance posture makes its overall risk profile broader and potentially more vulnerable.

Topics

  • General manufacturing cybersecurity risk landscape 2026
  • Generative AI and LLM-related security risks
  • Phishing, BEC, and ransomware threats
  • AI governance and responsible AI framework adoption
  • iThome CIO & CISO survey methodology

Transcript

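The primary and secondary risks for general manufacturing in 2026 are the same as those for high-tech manufacturing, but general manufacturing has more items in the high-impact, high-risk first quadrant than high-tech manufacturing: 4 system-type risks, 6 personnel-type risks, and 1 AI-type risk.

This year general manufacturing has also begun actively catching up with the generative AI wave and is willing to invest in the latest AI agent applications, but the sector's ability to respond to AI has not kept up: adoption of responsible AI frameworks is low, and the level of AI governance is not high either. Enterprise CIOs and CISOs are therefore more worried than their high-tech manufacturing counterparts about generative AI incidents occurring.

The AI risk that general manufacturing needs to pay special attention to is LLM applications leaking sensitive data. This threat has already entered the high-impact, high-risk first quadrant, and general manufacturing CIOs believe they will encounter it at least once in the coming year. The risk of LLM hallucinations causing human misjudgment sits near the origin where the fourth and first quadrants meet. This means that the effects of hallucination, which appear to have a low probability of occurring and possibly a low impact as well, could quickly move into the first quadrant and become a high-impact, high-risk threat as general manufacturing uses and relies on LLM applications more. Enterprises actively embracing AI must also watch for this possible future threat.

The primary risk general manufacturing must especially guard against this year is "phishing / social engineering", and the secondary risks include "business email compromise" and "ransomware security incidents". All three are similar to the threats facing high-tech manufacturing, but what deserves attention is that "LLM applications leaking sensitive data" has this year entered the first quadrant of high impact and high likelihood of occurrence, so general manufacturers must also be on alert.

How the enterprise security risk chart was made

In the iThome 2026 CIO & CISO survey, enterprise CIOs and CISOs self-assessed two indicators for each threat item: one is the degree of impact the item has on the enterprise (extremely high impact and extremely low impact), and the other is the risk of the item occurring in the next year (extremely likely to occur and extremely unlikely to occur). These were then converted into quantified values of different degrees to draw the chart. The vertical axis is the threat item's impact on the enterprise; the higher the position, the greater the impact. The horizontal axis is the risk of the item occurring at the enterprise in the next year; the further right the position, the greater the likelihood of occurrence. The dots marking the threat items fall into three categories: red dots represent system-type risks, green dots represent personnel risks, and black dots represent AI risks.

Survey execution

From January 1 to January 29, 2026, an online questionnaire survey was conducted of IT executives at large Taiwanese enterprises, enterprises from past iThome CIO surveys, government agencies, and universities and colleges. There were 396 valid responses, and 57% of respondents were their organization's top security executive.

Source: 2026 iThome CIO & CISO Survey, March 2026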
