The EEF, the manufacturers’ organisation, has just published an industry report”Cyber Security for Manufacturing” which details the issues facing manufacturing in their readiness to prepare for the 4th Industrial Revolution and digitalisation.
The report highlights that some manufacturing businesses are missing opportunities because they are concerned about cyber security vulnerabilities which prevents them from investing in new digital technologies.
In the report 41% of manufacturers surveyed did not believe that they had access to sufficient information to allow them to assess their specific risk confidently, and 45% are not confident that they have the right processes and technologies in place to mitigate cyber risk.
The Governments ongoing programme to improve cyber resilience does not specifically address the needs of manufacturing according to the EEF report.
Third party assurance – securing the supply chain
The current environment increasingly requires organisations to secure their supply chain.
“59% of manufacturers report that they have already been asked by a customer to demonstrate or guarantee the robustness of their cyber security processes…
For the 37% of manufacturers who report they could not do this if asked today, business will become increasingly challenging…
50% of manufacturers indicated that the imminent application of GDPR had caused them review their cyber security arrangements”
Steps for manufacturers to take to protect their businesses
The main steps identified by the report that manufacturers could take were to look at introducing baseline security controls, starting with the government backed Cyber Essentials which is designed to help any business or organisation to protect itself against the most common types of cyber attacks.
The report also identifies the need to implement a risk management strategy, identifying business processes that are critical, and then to prioritise protecting these with security controls.
Thirdly, assessing the impact of a cyber attack or data breach will be an essential step to creating an incident management plan to prepare and effectively respond to an incident.
Finally, this is not a static process, it is important to have a continual review process in place to assess changing threats and assess current risks and controls.
Read the EEF report Cyber Security for Manufacturing