Birkmfg

Moving Forward with Cybersecurity Compliance

 

For the fourth year in a row, Manufacturing has been cited as the #1 most targeted industry for cybersecurity incidents by the IBM X-Force Threat Intelligence Index. According to the Verizon 2025 Data Breach Investigations Report, 90% of breached manufacturing organizations were SMBs with fewer than 1000 employees. We take these statistics very seriously at Birk Manufacturing.

 

A few months ago we published a blog post about our first steps toward achieving Cybersecurity Maturity Model Certification (CMMC) Level 2. CMMC is a unifying standard for the implementation of cybersecurity across the military and defense supply chain, ensuring that companies meet stringent cybersecurity standards. Since that time, we have moved forward with our goal of achieving full compliance by the end of 2025.

 

Our team member, Alex Mackin, recently completed the training and certification process to be a Certified Cyber Professional (CCP) to further his personal and the company’s goals. This 32-hour training covers the CMMC model, levels, domains, and practices. It also trains on all the associated reference documents such as DFARS, NIST, CUI Definitions and Guidelines, and much more.

 

Having a CCP on staff means that we can confidently move forward with the next steps in the process, with a knowledgeable team member to guide us through a structured approach and ensure compliance with all necessary standards. Currently, we are defining the scope of Birk’s Controlled Unclassified Information (CUI) – identifying all systems, devices, and data flows that handle, store, or transmit CUI.

 

Several years ago, when we began our compliance journey, our first cybersecurity assessment score was extremely low. However, with our continuing work, our latest Basic Security Assessment showed a high level of readiness, with 96 out of 110 points on the Supplier Performance Risk System (SPRS) score. This value is based on the company’s compliance with the 110 security controls outlined in NIST SP 800-171. The next step is to document this compliance with clear evidence for the CMMC assessment.

 

To us, CMMC compliance isn’t just checking all the boxes. It follows the Key Principles that guide our organization…
1. Customers first – we want to ensure your data is completely safe in our hands, whether that’s confidential plans or financial data.
2. Help each other out – we want to keep our own team safe from harm as well. All companies maintain personal data on their employees that must be protected.
3. Learn new skills – cybersecurity is a constant growth curve…as bad actors get stronger and more creative, so must we!
4. Communicate – we want to make sure our customers and employees are always aware of what we are doing to keep their data, and our company, safe.
5. Have fun – we always have fun working together to solve challenging problems, whether that’s designing and manufacturing thermal solutions or securing our systems from hackers.

 

Cybersecurity can’t be an afterthought anymore. We’ve got to face it head-on and that’s what we’re doing at Birk Manufacturing.

 
