The Cyber Security Landscape in the Manufacturing Sector

Many companies in the manufacturing sector have transformed into digital enterprises using technologies such as advanced materials, internet of things, artificial intelligence, robotics, analytics and augmented reality.

This transformation, called Industry 4.0, has enabled improved manufacturing processes, supply chain management and customer experience. However, this industrial revolution also brings forward many cyber threats that could potentially become major barriers in business growth.

The manufacturers’ organisation EEF has published a report on cyber security issues in the manufacturing sector. Some key cyber security statistics for the manufacturing sector mentioned in the report are:

(i). Manufacturing sector is the third most hit by cyber attacks in the UK,

(ii). nearly half of companies (48%) in the UK have been hit by cyber attacks,

(iii). 35% of businesses are reluctant from fully investing in the industry 4.0 due to cyber vulnerabilities,

(iv). 45% manufacturers believe that they do not have the right tools to ensure cyber security,

(v). 12% businesses have no process measures at all to mitigate the cyber threats, and

(vi). 59% of manufacturers have been asked by a customer to demonstrate the robustness of cyber security processes.

EEF report has provided suggestions for manufacturers to reduce the cyber risks.

Cyber Essentials scheme can be used as a baseline to protect manufacturing businesses from the most common types of cyber attacks. It provides self-assessed certification, and mentions five technical controls to ensure the system has at least minimum level of protection against cyber attacks.

The next level for cyber security is the ISO 27000 series of standards which help businesses manage data assets, and can provide a standard to manufacturing businesses for developing approach to cyber security.

Another way to manage cyber risks is the cyber resilience lifecycle. This cycle has different stages which must be nominated by a member of board. These stages are mentioned below:

  • Prevent cyber security breaches by introducing stronger protections
  • Prepare for cyber security breaches by developing plans to mitigate risks and reduce the impact of potential attack
  • Respond to threats according to an implemented incident management plan
  • Recover from a cyber security breach by any residual cyber vulnerability and manage any damage
  • Review the causes and impact of any breach and update cyber security policy to better manage such incidents in future