More than two in five (42%) of UK manufacturers have been a victim of cybercrime in the past 12 months, according to new research by Make UK and BlackBerry.
Of those organizations that suffered an attack, over a quarter (26%) experienced substantial financial losses, ranging from £50,000 ($61,300) to £250,000 ($306,500).
The primary consequences of a cyber-attack on their business include disruption to operations (65.2%) and reputational damage (42.9%), according to the respondents.
The manufacturers highlighted a number of operational technology (OT) security concerns in their organizations. The most significant of these were maintaining legacy IT (44.6%), limited cybersecurity skills within the business (37.5%) and providing access to third parties for remote monitoring and maintenance (33%). Understanding IT versus OT security (26.8%) and an increased attack surface due to the increase in OT convergence (21.4%) were also cited as areas of concern by the respondents.
The growing implementation of the internet of things (IoT) was the biggest driver of cybersecurity adoption for one in three (30%) organizations. IoT technologies are often critical to modern manufacturing processes; sensors that can predict early OT malfunctions, for example, are deployed in an effort to drive efficiency.
However, over a third (37%) of manufacturers admitted that concerns about cybersecurity had prevented the introduction of new connected technologies into their organizations, potentially hampering productivity.
The manufacturing industry has become an increasingly attractive target for threats such as ransomware, both because attackers can shut down operations by targeting IT and IoT environments and because of the lucrative intellectual property (IP) data often held by manufacturers.
Speaking to Infosecurity, Keiron Holyome, VP UKI & emerging markets, BlackBerry, noted: “If we learned anything from the rapid uptick in digital transformation over the last few years, it’s that cyber-criminals won’t hesitate to identify and attack new vulnerabilities, so as manufacturing organizations adopt more IoT technologies in operational roles, cyber protection needs to run hand in hand with deployment to ensure new connected devices don’t become weak spots for cyber-attack.”
Worryingly, over half (54%) decided not to take further cybersecurity action despite adopting new technologies to boost production.
Nearly two-thirds (62%) of respondents offer formal cybersecurity training to their employees, although this fell to just 50% for small companies with nine or fewer employees. Encouragingly, there was a significant rise in manufacturers with a formal cybersecurity incident response measure in place at 62%, an 11% rise compared to 2021.
Additionally, there is significant business involvement in cybersecurity in this sector. Nearly two-thirds (62%) of respondents revealed there is now a senior manager involved in a cybersecurity committee within the business, while 58% said a main board director is responsible for driving cyber protection for the firm.
Cybersecurity Investment
The vast majority (89%) are investing heavily in antivirus software and firewalls to secure internet connections. However, Stephen Phipson, CEO of the manufacturing association, Make UK, told Infosecurity that these investments are insufficient for dealing with new threats brought about by recent adoption of digital technologies like industrial IoT.
“Our research showed that the perception of cybersecurity importance is almost unilateral – with a strong focus on cybersecurity in the boardroom, built into business strategies and with plans and training in place, however the actual reported deployment of security measures in businesses falls below required levels,” he commented.
Longer-term, Phipson expects the financial pressures brought on by the challenging economic climate “will undoubtedly impact manufacturers’ ability to make significant cybersecurity investments.”
Despite this, the huge potential costs of cyber-attacks on this sector mean that manufacturing organizations cannot afford to reduce investment in cybersecurity, according to Holyome.
“It’s easy to underestimate the sophistication of modern cyberattacks until they strike, and then the cost of damage by far outweighs the inconvenience of managed downtime to ensure that cyber defenses are comprehensively in place,” he said.
In July 2022, a report from Capgemini found that the growth of OT and IoT is putting manufacturing organizations at ever-greater risk of cyber-attacks.