How cyber attacks on Taiwan are hurting global business

State-sponsored cyber attacks from China have become far more common in recent years, but it’s not just Taiwan in the firing line. The implications for global semiconductor supplies could be critical

Taiwan Supply Chain Cyber Attacks
The Matsu islands are an established flashpoint in Taiwan’s decades-long stand-off with China

An island population cut off from the world when its communication lines are suddenly severed sounds like the plot of a dystopian thriller. But that was the reality for 14,000 people in the East China Sea this February. 

The Matsu islands are part of Taiwan, but when their internet access suddenly disappeared earlier this year, Taipei’s backup system could only restore 5% of the bandwidth the cables had provided. 

Amid rising tensions with China, this may well be a sign of things to come. Concerns have also been raised about what might happen if Taiwan’s 14 remaining international sea cables were unexpectedly put out of action. 

And that’s not the only threat. Interrupted access to the internet is bad enough, of course, but cyber attacks can bring far greater disruption. A recent Fortinet study reports that Taiwan is the target of 15,000 cyber attacks every second, with manufacturing, IT and logistics among the most heavily affected industries. Given that 90% of the world’s advanced microchips, as used in smartphones and data centres, are made in Taiwan, successful cyber attacks could result in large-scale, global shortages. That could leave businesses worldwide facing the same kind of reality as the people of Matsu did; missing vital communication links. 

Why cyber attacks are a daily risk for Taiwan’s businesses

The situation is rapidly worsening too. In the first half of this year, the number of daily cyber attacks on Taiwan was up 80% on the same period in 2022. Its big industrial players are routinely targeted with malware that includes malicious phishing campaigns, and harmful URLs. These methods can result in a company’s data being taken and held for ransom.  

Paul Bantick is global head of cyber risks at FTSE 100 insurer Beazley. He comments that the attacks are escalating not just because of Chinese hostility but also because of broader trends: “Cybercrime, particularly ransomware, is a high-growth industry and a lucrative business, and the barriers to entry are getting lower.” 

This has concerning implications for businesses worldwide. 

Richard Meeus, EMEA director of security technology and strategy at Akamai, explains that these attacks on Taiwan’s manufacturers are “intended to disrupt supply chains”, which is used as leverage by hackers. “Attacks can disrupt production processes, leading to costly downtime and delays, resulting in significant financial losses for organisations,” he says.

The disruption of semiconductor supply chains is by far the most serious global threat stemming from Taiwan’s predicament, given that the chips are used in such a wide variety of consumer, commercial and healthcare products.

Why attacks on Taiwan could disrupt ‘virtually everything’

Bindiya Vakil is CEO of supply chain risk management specialist Resilinc. She predicts that the cyber attacks on Taiwan could result in “shortages [that] disrupt the supply of virtually everything we use daily”.

The timing couldn’t be worse, either. Many businesses are still recovering from the global chip shortage of 2020, created by disrupted supply chains and the increased demand for technology during the Covid-19 pandemic. 

James Williams, head of TMT & Legal at IT security provider NCC Group, says that the pandemic highlighted the far-reaching consequences of supply chain disturbances. Manufacturers were forced to temporarily halt or permanently shut down production. As a result, car makers alone lost out on $61bn (£48bn) of sales in 2021. 

Multiple industries, including makers of vehicles and consumer electronics, continue to face challenges from that previous shortage of semiconductors. 

Further delays and slowdowns could result in the collapse of struggling companies. Although semiconductor supply chains appear to be stabilising, Vakil expects shortages to continue into 2024, so businesses should plan for delays.

How can businesses guard against ripples from Taiwan?

As a result, Vakil advises businesses to insulate themselves from the cyber attacks on Taiwan by “taking appropriate steps to mitigate potential risks”. That might mean “diversifying their suppliers, investing in AI-driven solutions, or implementing planning techniques”. She also highlights the importance of using advanced monitoring techniques to create greater cyber resilience in the supply chain.

Diversifying supply chains might be more complicated, but it will help to build resilience. For instance, Nvidia, the world’s largest semiconductor company, was targeted by ransomware in 2022, resulting in the theft of sensitive hardware and software data. Businesses that are reliant on Nvidia would have faced greater disruption than those with diversified supply chains.

Bantick points out that companies with links to Taiwan need to install security patches quickly, limit users’ permissions, have secure backups and, crucially, make sure that they have well-planned disaster recovery plans in place. After all, he points out, it’s important to implement cybersecurity at all business levels, as it’s usually the weakest link that is targeted; often manufacturers, like those in Taiwan. 

What is being done to defend Taiwan?

Of course, Taiwan has been working extremely hard to improve its cybersecurity at a national level, with President Tsai Ing-wen even setting up a cybersecurity research institute. The risk of cyber attacks, however, has prompted some leading technology firms to relocate their manufacturing operations. 

Shien-quey Kao, Taiwan’s deputy minister for national development, admits that big businesses are increasingly looking to other locations to protect their operations. Taiwanese Semiconductor Manufacturing Company, which provides chips for Apple, is already building a factory in the US, which is expected to be operational in 2024.

The better prepared the business, the better it will be able to weather cyber attacks and any resultant breakdowns in the global supply chain. Otherwise, much like the people of Matsu, thousands of employees could end up being disconnected from the outside world, unable to work, and without the technology needed to do their jobs. That really would be a dystopian reality in the making.