Has there ever been a more pressing urgency than right now for manufacturers to address cyber-security? Probably not.
And why not? Well, if you’re in the manufacturing industry, you might want to sit down for this: almost 50 per cent of manufacturers have been subject to a cyber-attack, and half of those businesses suffered either financial loss or disruption to business as a result.
Manufacturing is now the third-most targeted sector for attack by hackers, according to a report on cyber-security for manufacturers, published by EEF and AIG and carried out by the Royal United Services Institute (RUSI).
Among the revelations were 41 per cent of companies do not believe they have access to enough information to even assess their true cyber-risk, and 45 per cent feel they do not have access to the right tools for the job.
Worryingly, 12 per cent of manufacturers surveyed have no process measures in place at all to mitigate against the threat of a cyber-attack. Given that almost all the businesses reporting this are SMEs, there needs to be a particular focus on their requirements and perhaps support from larger businesses.
GDPR gives us even more reason to focus on cyber-security
How can these figures be so high when there are such easy steps to take? You only have to invest in a simple, fast and effective security system to ensure you’re fully protected, something we strongly advocate through our partnership with Symantec, who are industry leaders when it comes to data protection and cyber-security.
Hardly a week goes by without a report in the press of a cyber-security incident, so if your business hasn’t taken that step yet, especially with GDPR almost upon us, you have to ask yourself why?
Manufacturing is a significant target for cyber-criminals that can result in the theft of sensitive data, the disruption of access to systems or operational technology, or industrial espionage for competitive advantage.
The report says there seems little doubt that many more attacks will have gone undetected. Moreover, cyber-related risks for manufacturers are only likely to deepen and broaden with increasing digitisation.
While 91 per cent of businesses surveyed say they are investing in digital technologies in readiness for the Fourth Industrial Revolution, 35 per cent consider that cyber-vulnerability is inhibiting them from doing so fully.
This suggests that opportunities are being missed and some businesses risk falling behind in the race to digitise.
Increasing digitisation in the manufacturing sector is opening up new opportunities for cyber-criminals to target operational technology, including production lines and manufacturing equipment, with a view to damaging the infrastructure and production facilities of a business
The report says that EEF has “long championed the rewards for UK manufacturing of being at the forefront of the Fourth Industrial Revolution, a call that is being heeded by UK businesses.”
With GDPR being enforced this month, it will clearly impact on the manufacturing sector’s approach to cyber-security given the need to have appropriate measures in place to protect the personal data of both staff and customers.
A case of not if, but when
And the report says that 50 per cent of manufacturers indicated that GDPR had caused them to review their cyber-security arrangements.
It goes on to say that 59 per cent of manufacturers reported that they have already been asked by a customer to demonstrate or guarantee the robustness of their cyber-security processes, and 58 per cent have asked the same of a business within their own supply chain. Increasingly, this is becoming part of contractual arrangements.
A significant number of manufacturers indicated that there was a lack of awareness and understanding at board level of the extent of the cyber-security challenge to the business, and that some struggled to raise the issue of cyber-security awareness, because it is sometimes perceived to be a complex and deeply technical subject which deterred some senior leaders from engaging with the risk of cyber-crime and other cyber-security threats
All businesses should realise now, more than ever, that a cyber-attack on their company could be a question of not if, but when.
There are various ways to deal with the risk of cyber-attack. You can avoid it completely, reduce it, accept it, or transfer it. We would strongly suggest you deal with it now.