Fortify the IoT With Cybersecurity and R&D Tax Credits

By Chris Bard, Rick Schreiber and John Riggi

As manufacturers adapt Internet of Things strategies to their business models, they should weigh these two often-overlooked elements.


No manufacturer, regardless of size or ingenuity, is immune to technology disruption. The question companies need to ask themselves isn’t whether they can afford to invest in the future of manufacturing—it’s whether they can afford not to.

The MPI Internet of Things Study, sponsored by BDO, demonstrates the powerful opportunity the Internet of Things presents for modern manufacturers. In 2016, 72 percent of manufacturers improved their productivity and 69 percent increased their profitability thanks to IoT implementation in their plants and processes.

Left to right: Chris Bard, Rick Schreiber and John Riggi

These days, 60 percent of manufacturers have a strategy to apply the IoT to their processes, including 36 percent that are already implementing it. For the 40 percent of companies that have not yet considered how the IoT could benefit their bottom line and their customers, now is the time to do so.

As manufacturers adapt IoT strategies to their business models, our study found they should weigh two elements that are often overlooked: cybersecurity and research and development (R&D) credits.

Laying a Secure Foundation
While the IoT can afford many opportunities for growth and improvement, it is not without its challenges. According to BDO’s 2016 Manufacturing RiskFactor Report, 92 percent of manufacturers cite cybersecurity as a top risk factor for their business, and it’s no secret that the IoT increases potential vulnerabilities and entry points for hackers.

A data breach can result in angry customers and lost business, particularly if the victim company is deemed cyber-negligent. And for manufacturers that sell to highly regulated industries, including the government, an insufficient cyber posture—even if they haven’t had a data breach—can knock them out of the running for new business or result in terminated contracts.

In 2015, the Department of Homeland Security’s Industrial Control Systems Cybersecurity Emergency Response Team reported 97 cyber-attacks against transportation, metal, machinery and electrical equipment manufacturers, according to Reuters. With this year’s WannaCry ransomware program affecting 75,000 targets worldwide, future incidents are bound to reach manufacturers’ systems.

So when exactly should manufacturers begin to prioritize cybersecurity? The ideal moment is during the product conceptualization and design stage, which is when nearly half (47 percent) of manufacturers surveyed look to curb potential security issues. The Department of Homeland Security agrees: In November 2016, the agency ranked “Incorporate security in their design phase” as the first cybersecurity principle for the IoT.

Training programs for employees are another first step toward securing companies’ systems. Manufacturers’ corporate networks are already exposed to security issues when employees bring their personal devices into the workplace or use them to remotely check work email. Teaching employees how to detect suspicious e-mails and practice cyber hygiene can create a stronger network and increase awareness of threats.

Take Credit for Ingenuity
The IoT conversation focuses on manufacturers’ future, but it also has real implications for current finances. Manufacturers are making technological progress, but 31 percent of those surveyed still consider cost as one of the biggest challenges to progress. Research and development (R&D) tax credits, however, could allow manufacturers to reallocate capital to IoT-related initiatives. Last year, more than 6,000 manufacturers claimed an estimated $10 billion in R&D tax credits at an average benefit of $1 million per company. The number of eligible manufacturers is much higher, meaning many have yet to capitalize on this opportunity.

While 79 percent of manufacturers claim they are investing in the IoT, only 43 percent plan to pursue IoT-related tax credits and incentives. Most of the companies surveyed that were not using R&D credits claimed that they either were not aware of the tax credits (37 percent) or knew of the incentive but did not plan to claim it for IoT-related investments (20 percent), for various reasons.

Available to companies of all sizes, federal R&D tax credits were made permanent by the Protecting Americans from Tax Hikes Act (PATH Act) in December 2015. The legislation also expanded the credit to benefit startups and small businesses, allowing these companies to use the credit to offset their alternative minimum tax or up to $250,000 of their payroll tax liability.

The objective of R&D credits is to encourage exactly the type of progress manufacturers are trying to achieve. Qualifying activities don’t need to be flashy or revolutionary, or even succeed. If companies are trying to make products, processes or software better, faster, cheaper or greener, they probably qualify. When it comes to the IoT, manufacturers often qualify if they are attempting to design, develop and/or incorporate sensors, transmitters, smart devices or other types of machine intelligence into their products or plants.

As with any new advancement, the IoT offers both new resources and new challenges. In the long term, manufacturers’ ability to enhance their products and processes with new layers of insightful data and smart production processes is likely to prove immeasurable beyond perceived risks.

Chris Bard is the practice leader for BDO’s Research and Development (R&D) Tax Services practice and chairman of BDO International‘s Global R&D Center of Excellence. He may be reached at Rick Schreiber is an assurance and advisory managing partner and the national leader of BDO’s Manufacturing & Distribution practice. He may be reached at John Riggi is the head of BDO’s Cybersecurity and Financial Crimes Practice, and may be reached at