
[2026 Enterprise Cybersecurity Survey] 2026 Cybersecurity Risks for General Manufacturing Enterprises in One Chart

iThome News

The 2026 iThome CIO & CISO survey reveals that general manufacturing enterprises face more high-impact, high-risk threats than high-tech manufacturers, with 11 items in the first quadrant. The sector is rapidly adopting generative AI but lacks corresponding governance frameworks, making LLM-related risks particularly acute. Phishing, BEC, and ransomware remain top threats, while LLM data leakage has newly entered the critical risk zone.

Summary

The 2026 iThome CIO & CISO Enterprise Security Survey highlights that general manufacturing enterprises share the same primary and secondary risks as high-tech manufacturers, but their risk profile is more severe. General manufacturing has 11 items in the first quadrant (high-impact, high-risk), more than high-tech manufacturing. These include 4 system-type risks, 6 personnel-type risks, and 1 AI-type risk.

A significant finding is that general manufacturing is aggressively pursuing generative AI and AI agent applications, but the sector's AI readiness has not kept pace. Adoption rates for responsible AI frameworks are low, and AI governance maturity is limited. As a result, CIOs and CISOs in general manufacturing express greater concern about generative AI incidents than their counterparts in high-tech manufacturing.

The most notable AI-specific risk is LLM applications leaking sensitive data, which has entered the first quadrant, meaning CIOs believe it is likely to occur at least once in the coming year. LLM hallucinations causing human misjudgment currently sits near the boundary between the fourth and first quadrants, suggesting that as reliance on LLM applications grows, this risk could quickly escalate into a high-impact, high-probability threat.

The top priority risk for general manufacturing remains phishing and social engineering, followed by business email compromise (BEC) and ransomware incidents — threats shared with high-tech manufacturing. The survey was conducted online from January 1 to January 29, 2026, collecting 396 valid responses from IT leaders at large Taiwanese enterprises, government agencies, and universities, with 57% of respondents being the highest-level cybersecurity executives at their organizations.

Key Insights

  • General manufacturing enterprises have 11 items in the high-impact, high-risk first quadrant — more than high-tech manufacturers — comprising 4 system risks, 6 personnel risks, and 1 AI risk.
  • The survey found that general manufacturing CIOs and CISOs are more worried about generative AI incidents than their high-tech manufacturing peers, specifically because AI governance and responsible AI framework adoption in the sector remain underdeveloped.
  • LLM applications leaking sensitive data has newly entered the first quadrant for general manufacturing in 2026, meaning CIOs assess it as highly likely to occur at least once within the year.
  • LLM hallucination-induced human misjudgment currently sits near the boundary of the fourth and first quadrants, but the authors warn this risk could rapidly escalate into a high-impact, high-probability threat as LLM dependency increases in the sector.
  • Despite sharing the same top threats as high-tech manufacturing — phishing/social engineering, BEC, and ransomware — general manufacturing's weaker AI governance posture makes its overall risk profile broader and potentially more vulnerable.

Topics

  • General manufacturing cybersecurity risk landscape 2026
  • Generative AI and LLM-related security risks
  • Phishing, BEC, and ransomware threats
  • AI governance and responsible AI framework adoption
  • iThome CIO & CISO survey methodology
