Almost half of UK manufacturers have been subjected to cyber attacks, according to trade group EEF’s report published in April 2018.1
Manufacturing companies have always been one of the leaders in adopting new technologies. They have embraced the connected world, which has brought great efficiencies and advances, but also potentially significant and largely uninsured exposures.
Cyber criminals are not just the isolated teenagers working from their bedrooms churning out SQL injections at large Telecom companies , they are also sophisticated criminals operating in highly organised groups, sometimes for hire, sometimes driven by ideology or commercial gain.
Manufacturers’ process control and supervisory control and data acquisition (SCADA) systems have long been thought impenetrable due to their proprietary and highly customised networks, once largely air gapped from the rest of the company’s other technologies.
The report also highlighted that only 62% of manufacturers have invested in cyber security training and 12% admitted to not having any technical or managerial strategy in place to assess or mitigate cyber attacks.1
However, the convergence of industrial control systems with enterprise infrastructure such as Web Services and Ethernet could heighten the risk of a cyber attack for manufacturing organisations; this could be largely overlooked or ignored due to what may be perceived as a substantial cost in order to achieve the correct levels of cyber security required by the business. Many manufacturers will naturally allow for this convergence due to the necessity of having increased visibility, just in time ordering, scheduling and remote support.
According to a threat report produced by the industrial cyber security company Dragos, 2017 was a turning point for industrial control systems (ICS), largely because of the discovery of new capabilities and a significant increase in ICS threat activity groups.2
Many manufacturers have uninsured exposures, so it’s time to take action and ensure that they have a cyber insurance product that encapsulates the unique cyber security risks facing the modern manufacturer, enabling risk transfer of residual business risk for that worst case day.
1. www.information-age.com/uk-manufacturers-victim-cyber-attacks-123471623/ April 2018
2. www.computerweekly.com/news/252436129/Cyber-threat-to-industrial-control-systems-highest-yet March 2018