In 2022, a cyberattack on Toyota’s electronics and plastic parts supplier Kojima Industries shut down production lines at 14 Toyota plants in Japan for 24 hours.
As this example illustrates, smaller suppliers may often have inadequate cyber resources in place to protect themselves, leaving big companies vulnerable.
Few realize that manufacturers face more cyberattacks than any other industry, and that their vast, complex network of smaller suppliers can function as a back door to disrupt their own multi-billion-dollar businesses.
Yet large corporations rarely communicate with their suppliers on this increasingly crucial topic.
MxD, the National Center for Cybersecurity in Manufacturing, is now making that communication happen monthly, fulfilling the role of cyber educator and communicator through its CyberSecure Supplier Program.
Direct Line from OEMs to Suppliers
MxD partners with four original equipment manufacturers (OEMs) to directly communicate with thousands of their suppliers via MxD’s CyberSecure monthly newsletters and quarterly webinars, helping them protect their operations, revenues, and reputations.
The program currently serves Boeing, DMG Mori, Oshkosh Defense, and Rolls-Royce. MxD delivers engaging custom content that quickly conveys needed information, reaching nearly 7,000 suppliers every month.
“Clear and simple communication is 80% of the problem when it comes to reducing supplier cybersecurity risks,” said Neil Brink, cybersecurity specialist at Rolls-Royce.” This program uses simple language; it doesn’t confuse or overwhelm anyone.”
MxD provides a range of sharply written and designed content for its newsletters, including interviews with each company’s cyber leaders and other experts.
Newsletters have also shared supplier success stories; threat updates; incident response best practices; trends and tips; phishing quizzes; and toolkits taking deep dives into topics including cybersecurity preparedness and government defense initiatives. Stories from MxD’s Cyber Team give suppliers unprecedented perspectives on threats — and ways to mitigate them.
Ensuring Emails Are Opened — and Read
“It’s essential to have experts who have knowledge in communications and marketing to ensure that someone is going to open the email and take action,” said Clare McBrearty, supplier cyber security lead for Rolls-Royce. “We needed those additional skills to make the project a success.”
Open rates for the Rolls-Royce newsletter regularly top 50%, and after one year, the company expanded the program to all of its North American suppliers.
These supply chain lines of communication are increasingly important in 2025 as the defense industrial base prepares for the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) 2.0 framework to fully go into effect. Suppliers who are not compliant will not get contracts, and defense OEMs want to ensure that the suppliers they rely on are up-to-date on the latest requirements. CyberSecure newsletters give OEMs a direct way to get such urgent information to their suppliers.
Cybersecurity preparedness is central to MxD’s mission to advance national security by strengthening U.S. manufacturing competitiveness.
“A supply chain is only as strong as its weakest link, and when it comes to cybersecurity, there are a lot of links making OEMs vulnerable,” said Scott Kruse, a senior project engineer with the MxD Cyber Team in Chicago. “MxD’s CyberSecure Supplier Program helps OEMs better understand their supplier challenges, creating a first line of defense.”
This is especially valuable, he added, because often cyberattackers are aiming for the OEM and use insufficiently protected smaller suppliers as their way in.
Window onto the Supply Chain
Key to the program’s success, said Kruse, who helped launch the program, are the insights for OEMs, including how suppliers are engaging with the information. Newsletter analytics let companies know exactly what interests their suppliers, telling them how many suppliers took a phishing quiz or read the latest CMMC update.
Additionally, MxD is able to quickly set up the CyberSecure program for an OEM. Once a company signs on, newsletters are going out within 60 days, ensuring that time is devoted to content and delivery instead of long ramp-ups.
“For OEMs and their many suppliers, MxD’s CyberSecure Supplier Program strengthens relationships, builds trust, and provides essential information manufacturers need to improve their cyber defenses,” Kruse said. “We continue to refine and expand this program as the companies we work with have let us know just how important this is in the face of the unrelenting cyberattacks targeting the manufacturing industry.”
