Quarter of manufacturers only have basic cybersecurity plans
Manufacturing firms are more wary of threats from ransomware, data leakage and phishing attacks than other firms. However, fewer of them than average have the highest levels of maturity when it comes to cybersecurity.
The manufacturing sector is critical to the global economy, encompassing diverse industries such as consumer goods, electronics, automotive, energy and healthcare. Due to its global reach and impact, it plays a significant role in exports, innovation and productivity growth, fuelling economic development worldwide.
This centrality also means that it is a highly attractive venue to hackers. A cyberattack on a manufacturer can have significant knock-on effects that can even spread beyond the industry to other organisations along the supply chain.
A new survey from Kroll suggests manufacturing firms are acutely aware of this precarious position. While overall, an average of around 26% of companies told Kroll they were most concerned by ransomware attacks, this rose to 34% in manufacturing. Similarly, on average, 21% of businesses said they were concerned by phishing attacks, but this stood at close to 28% in manufacturing.
Thanks to this fear, manufacturers are pro-active when it comes to rooting out problems early. Kroll found that in terms of threat detection and response, manufacturing firms lead the way – with 11% categorised as trailblazers, compared to 4% among the wider business ecosystem. But despite this, overall Kroll also found that the sector lagged behind when it came to cybersecurity efforts.
The average for the wider economy saw 33% of firms rated as having high maturity in cybersecurity – but according to the researchers, this fell to 28% among manufacturers. At the same time, an alarming 25% of manufacturing respondents still only have basic security capabilities like monitoring – meaning they are under-protected when a threat finds its way in.
Partially this is because manufacturing organisations typically have smaller IT security teams and fewer security platforms, often relying on outsourcing. A majority of 88% of manufacturing firms outsource some IT security services, with only 12% managing everything in-house, compared to 23% of all respondents – and this may be holding them back in terms of investing in the long-term.
Looking more closely, Kroll found that just 8% of manufacturers had invested in a holistic cybersecurity plan which included recovery capabilities, crisis management and business continuity planning. More often, firms opted for lightweight plans – with 9% saying their plans went beyond monitoring to also include a minimal addition of digital forensics, and containment or disruption of threats.
Laurie Iacono, North America threat intel lead for cyber risk at Kroll, commented, “Manufacturers can operate millions of interconnected systems and services reliant on an IT infrastructure that is especially susceptible to cyberattack. What’s more, the threat we see the industry facing most often is difficult to manage in that it can target multiple departments, from HR to finance, and having control and visibility over vast networks can be challenging, especially when a company needs to rely on its employees as its first line of defence. It is interesting that an industry that utilises the most mature threat detection and response capabilities also outsources the most.”