A new report published by manufacturers’ organisation EEF in partnership with insurance firm AIG and the Royal United Services Institute (RUSI) shows that 48% of UK manufacturers have been subject to a cyber-security incident at some time.
Loss and Disruption
Half of those manufacturing companies who admit to being hit by cyber-criminals have said that the incident(s) caused financial loss or disruption to business.
Challenges
The report highlighted several key challenges that the manufacturing industry faces in making itself less vulnerable to cyber-criminals. These challenges include:
- The age of equipment and the networked nature of production facilities. Many industrial systems are up to 20 years old and were developed before cyber threats became a big issue. As a result, poorly protected office systems, often the first implemented historically within manufacturing businesses, are particularly vulnerable. Also, a networked building, such as many manufacturing sites, can be hacked and exploited.
- Many manufacturing companies hold a large amount of classified information e.g. intellectual property (IP) and trade secrets, which makes them targets for (for example) financially motivated, state-sponsored hackers.
- Having no idea of the nature and size of the risks. 41% of manufacturing companies don’t believe they have access to enough information to assess their true cyber risk, and 12% of manufacturers admit they have no technical or managerial processes in place to even start assessing the real risk.
- A lack of basic detection that a cyber attack is taking place / has taken place, and a lack of investment in training i.e. 34% do not offer cyber-security training.
- Feeling that they are not equipped to tackle the risk anyway. For example, 45% are not confident they are prepared with the right tools for the job.
- A lack of confidence. Although 91% of the 170 UK manufacturing businesses polled are investing in digital technologies, 35% think that cyber vulnerability is inhibiting them from doing so fully.
What Does This Mean For Your Business?
For manufacturing businesses facing the very real threat of sophisticated, multi-level attacks, now is not the time to be left with a vulnerable outdated system. Advice from the report includes following the advice of the Government backed ‘Cyber Essentials’ scheme. This includes the 5 security essentials of using a firewall to secure your Internet connection, choosing the most secure settings for your devices and software, controlling who has access to your data and services, protecting yourself from viruses and other malware by using antivirus software, only downloading apps from manufacturer-approved stores, or running apps and programs in an isolated environment, and continually ensuring that operating systems and software are up-to-date and running the latest security patches.
Clearly, manufacturing companies with old systems may need to bite the bullet and invest in more modern, digitised, and well-protected systems. The report also indicates that greater investment in staff training is needed to help them spot and deal with risks, and to avoid the kind of human error that is needed in many modern cyber-attacks e.g. malware / viruses sent by email, phishing, and other social engineering attacks.
Another opportunity for manufacturing companies to boost cyber-security could also come from cyber-insurance. For example, many cyber insurers offer a comprehensive package of pre-loss services to businesses to carry out a cyber health check which could help to highlight gaps in cyber risk management and help identify what security measures should be prioritised.