C-Suite Ignoring Smart Factory Cyber-Threats

Human negligence, cyber skills gaps and disinterested C-level execs are putting manufacturing firms at an escalated risk of serious breaches, according to Capgemini.

The global consultancy collected responses from cybersecurity leaders in 950 organizations to compile its reportSmart & Secure: Why smart factories need to prioritize cybersecurity.

It revealed that while over half (51%) of respondents predicted the number of attacks on smart factories would increase over the coming 12 months, a similar number (47%) claimed security is not a C-level concern in their organization.

This kind of disconnect between business and cybersecurity leaders is commonplace across industries. In research published last month, 54% of UK and US CISOs complained that their board was not releasing sufficient funding for vital initiatives.

Capgemini cybersecurity business lead, Geert van der Linden, argued that operational technology (OT) and industrial internet of things (IIOT) devices have expanded the cyber-attack surface and made smart factories a significant target for threat actors.

“The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset,” he added.

“Unless this is made a board-level priority, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite.”

Alongside C-level indifference to cybersecurity issues and related budget constraints, the report warned of human-shaped challenges undermining efforts to improve risk mitigation.

This takes two forms. The first is employee negligence: 28% of firms impacted by cyberattacks in the past 12 months noted an increase in employees or vendors bringing in infected devices. These include laptops and handheld devices used to install and patch smart factory machinery.

The second people-related challenge is cyber skills: 57% of respondents said that the scarcity of smart factory cybersecurity talent is more acute than that of IT security talent. Many organizations in the sector are also lacking a dedicated security lead, the report claimed.

What’s Hot on Infosecurity Magazine?