Almost half of Britain's manufacturers (42 per cent) have been a victim of cybercrime over the last 12 months, according to new research.
The data emerged in a new report - Cyber Security: UK manufacturing - published today by manufacturers organisation Make UK and BlackBerry, which also revealed over a quarter of respondents (26 per cent) reported substantial financial loss due to an attack, with losses ranging from £50,000 to £250,000, say researchers.
Almost all - 95 per cent - say cybersecurity measures are necessary for their company, while two-thirds indicate the importance of cybersecurity has increased in the last 12 months. The majority (54 per cent) decided not to take any further cybersecurity action despite adopting new technologies to boost production.
UK manufacturers face a battery of cybersecurity risks, ranging from simple employee error to complex targeted attacks, say researchers. The top three cybersecurity vulnerabilities were identified as maintaining legacy IT (45 per cent), a lack of cyber skills within the company (38 per cent), and providing access to third parties for monitoring and maintenance (33 per cent). The research also found that production stoppages were the most common result of a cyberattack (65 per cent), with reputational damage ranking second (43 per cent).
The adoption of the industrial Internet of Things (IoT) is shown to be the biggest driver behind cybersecurity adoption for one in three organisations (30 per cent). These new IoT processes, such as automated sensors driving efficiencies, sit at the heart of manufacturing production and are seen as business-critical functions. However, just over a third (37 per cent) say that concerns about cyber vulnerability have prevented the introduction of new connected technologies into their organisation, hampering potential productivity gains and holding companies back from growth.
62% of manufacturers now have a formal cybersecurity procedure
Targeted attacks are the most common, with smaller companies often the most vulnerable, yet many offer no cybersecurity training to staff. A total of 62 per cent of manufacturers now have a formal cybersecurity procedure in place in the event of an incident, up 11 per cent on last year's figures, with the same number giving a senior manager responsible for cyber security. More than half (58 per cent) have escalated this responsibility to board level.
Stephen Phipson, CEO of Make UK, the manufacturers' organisation, says: "Digitisation is revolutionising modern manufacturing and becoming increasingly important to drive efficiencies in this incredibly difficult inflationary environment. While cost remains the main barrier to companies installing proper cyber protection, the need to increase the use of the latest technology makes mounting a proper defence against cyber threats essential.
“No business can afford to ignore this issue, and while the increased awareness across the sector is encouraging, there is still much to be done. Failing to get this right could cost the manufacturing industry billions of pounds and put thousands of jobs at risk. Every business is vulnerable, and every business needs to take the necessary steps to protect themselves properly."
The composition of cyber defence across UK industry is wide – with 89 per cent of companies investing heavily in antivirus software and firewalls to secure internet connections. Threats originating in Russia and China are now considered the main challenge to cybersecurity for UK manufacturers (75 per cent).
"Clearly, the UK manufacturing industry is acutely aware of the threat that cybercrime presents,” says Keiron Holyome, VP UKI, Eastern Europe, Middle East and Africa at BlackBerry. “With attacks increasingly targeting operational infrastructures at the heart of major economies, the bigger issue is the majority of manufacturers that may not be aware that they have already been compromised. In our experience, it is possible – indeed, likely – that malware is present in legacy infrastructure, just waiting for the right time to strike.
“Today's sophisticated threats are not deterred by outdated antivirus and firewall protection; it's time for industry management to bring in the big guns of preventative cybersecurity to protect against all vulnerabilities, from accidental insider breaches through to the very real threat of nation-state attacks."
- EY cyber leader warns of IoT supply chain risksCloud & Cybersecurity
- Veracode: software security still lagging in public sectorCloud & Cybersecurity
- Survey into future of cloud security in the Middle EastCloud & Cybersecurity
- Metrics “laundry lists” could indicate lack of CIO strategyData & Data Analytics