Nearly half (48 percent) of UK manufacturers have been victims of a cyber attack, according to a new report. As a result, the Cyber Security for Manufacturing report calls for greater government support and a focus on the security needs of factories.
The paper, published by manufacturers’ organisation EEF and AIG, and carried out by The Royal United Services Institute (RUSI), surveyed 170 UK companies. It found that 41 percent do not believe they have access to enough information to even assess their levels of cyber risk. Meanwhile, 45 percent feel that they lack access to the right tools for the job.
The threat of a cyber attack is also holding back manufacturers from investing in digital technologies, found the report, with one-third of those surveyed nervous of carrying out digital improvements and transformation programmes.
The report warns:
This suggests that opportunities are being missed and some businesses risk falling behind in the race to digitise. The result must not be that the UK falls away from the vanguard of manufacturing excellence.
It adds that the maturity levels of different organisations’ cybersecurity are “highly varied, both in terms of awareness of the cybersecurity challenge and the implementation of appropriate risk-mitigation measures.”
The report also reveals that 12 percent of manufacturers have no process measures in place at all to mitigate against cyber threats.
While the paper welcomes government moves to improve national cybersecurity resilience, it adds that no priority has been given to the specific needs of manufacturing.
“This must change,” cautions the report. “There needs to be a particular focus on the requirements of our sector, recognising that a one-size-fits-all approach for business is insufficient and, equally as importantly, comprehensive security cannot be the exclusive domain of large businesses who can afford bespoke end-to-end protection.”
The document adds that the motivation for change is coming from manufacturers themselves, with 59 percent reporting that they have already been asked by a customer to demonstrate or guarantee the robustness of their cybersecurity processes, and 58 percent having asked the same of a business within their supply chain.
The cybersecurity journey
“However, while some manufacturers are only at the beginning of their cybersecurity journey, as this report shows, sensible precautions and a proper cybersecurity business plan are in reach of all,” continues the document. “These measures will provide the confidence businesses need to invest in digitisation, and the credibility to operate in the sector as a trusted supplier.”
“We know businesses cannot afford to ignore this issue any longer,” said Stephen Phipson, CEO of EEF. “And while we welcome government’s progress in improving cybersecurity resilience, to date through the work of the NCA and NCSC, there needs to be an increasing focus given to the specific needs of manufacturing, which hitherto has been lacking.”
Failing to get this right could cost the UK economy billions of pounds, put thousands of jobs at risk, and delay the supply of essential equipment to key public services and major national infrastructure projects. I hope this report underlines the critical risk to government and industry.
Internet of Business says
The digital transformation of manufacturing, or Industry 4.0, is the definitive example of the IoT in industrial settings. Manufacturers have been quick to recognise the opportunities to cut costs, increase production and predict maintenance needs. And they have had to sensitively negotiate the complexities of a reduced human workforce as part of that transformation.
However, this quick response and the resultant challenges have often come at the expense of cybersecurity. IoT solutions are often tacked onto legacy machinery, with 10-year-old plants performing alongside brand new ones on many factory floors.
Similar challenges exist in the highly regulated healthcare sector, too, where legacy equipment still has a critical role to play in saving lives, and yet needs to be secured to modern standards. In both cases, devices are often put online that were not originally designed to be connected to the internet.
In manufacturing, this patchwork of customised connectivity, while demanding huge investment, is often achieved while allocating very little budget to the IT that needs to support and protect the new online infrastructure.
With cyber attacks becoming ever more commonplace, and their creators increasingly capable, manufacturers must act fast to keep up – or risk serious financial losses and damaged reputations.
For more on cybersecurity in manufacturing, and much more besides, attend our Internet of Manufacturing event in London on 5-6 June.