Manufacturers understand cyber-security is a serious threat to businesses of all sizes, but often feel unprepared for tackling the challenge of safeguarding their organisation. That is one of the key messages from the upcoming Cyber-Security for Manufacturing report set to be released by EEF and RUSI in partnership with AIG on 23 April 2018. This was also echoed at the recent National Manufacturing Conference workshop on cyber-security where the majority of delegates didn’t feel their company had the right processes and tools for meeting a cyber-security threat.
Given the complexity and urgency of this issue – which has particular relevance for UK manufacturing – it is imperative that the industry receive support in planning for and implementing best practice cyber-security measures.
Investing in digital – tentatively
One of the findings of the forthcoming Cyber-Security for Manufacturing report is that 91% of manufacturers intend to or are investing in digitalisation; the so called Fourth Industrial Revolution (4IR) that will help business grow and become more productive. However, 35% feel inhibited from moving more actively towards these digital technologies because of the perceived cyber vulnerabilities that such digitalisation may bring to their infrastructure. Given the importance of 4IR to ensuring UK manufacturing’s competitive edge, it is imperative manufacturers feel confident that their processes and software are up to the cyber-security challenge.
Although cyber-security affects every company in all industries, there are particular challenges for manufacturers. These could include
- Theft of intellectual property in product and/or process, leading to loss of competitive advantage, or this data stolen or encrypted and held to ransom until the manufacturer pays up
- Denial of access, or damage to operational systems, including production facilities
- Negative impact on trading reputation, leading to loss of customers or suppliers
- Impacts to the supply chain, either components (both technology, materials or services) or your supplier/business partner being the entry point to your infrastructure due to lax security on their part
- Legacy (old) embedded systems/equipment that is no longer supported is a major risk to many manufacturers and may lead to a serious impact on production capabilities, including a complete stoppage as we saw during the Wanacry and NotPetya attacks in 2017
- Inability to conform with customer demands for mandated cyber-resilience and mitigation plans
- These business critical issues mean cyber-security is on the minds of manufacturers across the country who are looking for bespoke solutions to their concerns.
Lack of information, support and understanding
The importance of cyber-security to manufacturers was highlighted by the fact that one of the four workshops at the National Manufacturing Conference in February 2018 was on cyber-security. Sponsored by AIG, the workshop was chaired by Ewan Lawson, Senior Research Fellow at the Royal United Services Institute (RUSI), and head of the Cyber Security Programme. Ewan is one of the joint authors of the upcoming report, Cyber-Security for Manufacturing. The workshop panel was made up of Paul Hingley, Business Manager Data Services, Siemens Digital Factory, Darren Joint, Managing Director and Co-Owner, Vikings Signs Ltd, Martin Overton, Cyber Risk Specialist, AIG and Nick Yarham, Client Engagement Manager, Corvid - Ultra Electronics.
The expert panel set out why, left unchecked, the threat from cyber-crime can be a major barrier to business and growth in manufacturing, and why the process of digitisation needs to be accompanied by an increasing awareness of, and resilience against, this growing threat.
Yet the outlook for business needn't be ruinous and the workshop was intended to provide practical ideas for businesses to improve their own cyber-security credentials. Even basic, easy to apply measures are surprisingly comprehensive – according to our experts, these will provide security against up to 90% of threats. All businesses should have, or be looking to implement, a suite of complimentary security processes, tailored to individual circumstances. Options include risk-evaluation tools, software-based monitoring and protection, education and training, and specialist insurance. Guidance for evaluating, applying and verifying the measures right for your business will be a highlight of the Cyber-Security for Manufacturing report. Properly implemented, this will allow UK manufacturers to reap the rewards of being at the forefront of 4IR.
AIG is a leading global insurance organisation. With the onset of 4IR and the evolution of risk within manufacturing, AIG is developing innovative solutions to help manufacturers understand cyber exposures.