Cyber-attacks threaten manufacturing production as nearly half of manufacturers report cyber-attacks in last 12 months

Russia and China seen as increasing threats to business security – Make UK/BlackBerry analysis

• 95% of manufacturers say cyber security is necessary for their company and two thirds say its importance has increased in the last 12 months
• Nearly half of manufacturers (42%) have been the victim of a cyber- attack in the last year with over a quarter (26%) sustaining substantial financial losses between £50,000-£250,000
• 74% of those who suffered an attack say good cyber security processes prevented any business impact
• One in three say cyber vulnerability is inhibiting investment in technology investment holding back growth and production levels
• Despite understanding the threat, 1 in 5 manufacturers do not properly secure their operational technology equipment, with high costs of cyber security products the main barrier to becoming more cyber secure

Nearly half of Britain’s manufacturers (42%) have been a victim of cyber-crime over the last 12 months according to new research, Cyber Security: UK manufacturing, published today by Make UK, the manufacturers’ organisation and intelligent security software and services provider, BlackBerry. Over a quarter of respondents (26%) reported substantial financial loss as the result of an attack, with losses ranging from £50,000 to £250,000.

As businesses adopt more digital technologies, the exposure to cyber security risks increases. Some 95% say cyber security measures are necessary for their company while two thirds said the importance of cyber security has increased in the last 12 months. However, worryingly, the majority (54%) decided not to take any further cyber security action despite the adoption of new technologies to boost production. The cost of the initial outlay on cyber security remained the main barrier for business (four in ten companies) along with the the cost of maintaining systems (35%).

UK manufacturers face a battery of cyber security risks, ranging from simple employee error through to complex targeted attacks.  The top three cybersecurity vulnerabilities were identified as maintaining legacy IT (45%), a lack of cyber skills within the company (38%) and providing access to third parties for monitoring and maintenance (33%).

The research found that production stoppages were the most common result of a cyber-attack (65%), reputational damage ranking second (43%). Companies further revealed that new customers now want reassurance on details of the cyber security in place before signing contracts.

Industry 4.0 and adoption of the industrial Internet of Things (IoT) is shown to be the biggest driver for one in three organisations (30%). These new IoT processes, such as automated sensors driving efficiencies, sit at the heart of manufacturing production, are seen as business-critical driving companies to spend more to protect them. However, just over a third (37%) say that concerns about cyber vulnerability have prevented the introduction of new connected technologies into their organisation, hampering potential productivity gains and holding companies back from growth.

Targeted attacks are the most common, with smaller companies often the most vulnerable yet many offering no cyber security training to staff. 62% of manufacturers now have a formal cyber security procedure in place in the event of an incident, up 11% on last year’s figures with the same number giving a senior manager responsibility for cyber security. More than half (58%) have escalated this responsibility to board level.

Stephen Phipson, CEO of Make UK, the manufacturers’ organisation said:

“Digitisation is revolutionising modern manufacturing and becoming increasingly important to drive competitiveness and innovation.

“While cost remains the main barrier to companies installing cyber protection, the need to increase the use of the latest technology makes mounting a defence against cyber threats essential. No business can afford to ignore this issue and while the increased awareness across the sector is encouraging, there is still much to be done.

“Every business is vulnerable, and every business needs to take the necessary steps to protect themselves properly.”

The composition of cyber defence across UK industry is wide – with companies investing in antivirus software and firewalls to secure internet connections. Very few companies, under one per cent, report not having any technical mitigation at all in place to protect against unwanted invasion. Russia and China are now seen as the main cyber threat for UK manufacturers (75%).

Keiron Holyome, VP UKI, Eastern Europe, Middle East and Africa at BlackBerry said:

“Clearly, the UK manufacturing industry is acutely aware of the threat that cybercrime presents. With attacks increasingly targeting operational infrastructures at the heart of major economies, the bigger issue is the majority of manufacturers that may not be aware that they have already been compromised. It is possible – indeed, likely – that malware is present in legacy infrastructure, just waiting for the right time to strike. Today’s sophisticated threats are not deterred by outdated antivirus and firewall protection; it’s time for industry management to bring in the big guns of preventative cybersecurity to protect against all vulnerabilities, from accidental insider breaches through to the very real threat of nation state attacks.”

Further details can be found in the report, Cybersecurity: UK Manufacturing, available here  Cyber Security in Manufacturing | Make UK