The impact of cyber-attacks on UK manufacturers extended well beyond Jaguar Land Rover (JLR) last year, with 78% of businesses suffering a serious incident, according to new data from ESET.
The security vendor polled 500 senior decision-makers responsible for IT, OT, operations, risk or security in UK manufacturing organizations, to understand more about threats to the sector.
Almost all (95%) respondents admitted that an attack had a direct impact on their business, and most (53%) suffered financial loss as a result. Supply chain disruption (44%) and missed customer or supplier commitments (39%) were also common, according to the study.
Of the organizations that experienced a full or partial shutdown as a result of an intrusion, most (77%) suffered between 1-7 days downtime, while 56% reported 1-3 days of outages.
Read more on manufacturing breaches: JLR Hack UK's Costliest Ever, Hitting Economy with £1.9bn Loss
Despite mounting threats, a fifth of respondents claimed to have limited or no visibility into cyber risk that could impact production.
AI-enabled attacks were cited by more respondents (46%) as a threat to production than any other type, including phishing (42%), ransomware (40%) and unauthorized system access (38%).
Boards Must Take Control
Although the cautionary tale of JLR is still fresh in the memory of senior leaders, most do not appear to be engaged with managing cyber risk.
Only 22% of respondents said they assign accountability to board or executive leadership, with ownership for cyber staying within IT for most (55%). That typically betrays low levels of maturity in an organization’s approach to cyber – as does reactive security.
A fifth (21%) of responding organizations admitted they still favor reactive over preventative measures, which can lead to knee-jerk investment in point solutions and a culture of firefighting problems rather than seeking strategic solutions.
ESET UK country manager, Matt Knell, argued that the JLR incident should be a wake-up call for executives in domestic manufacturing businesses.
“The real challenge is that many organizations still treat cybersecurity as an IT issue rather than a strategic business decision. When it sits outside the boardroom, it’s harder to prioritize appropriately,” he added.
“What’s striking is that many organizations still see reactive approaches as more economical, despite the evidence to the contrary. With many major incidents resulting in six-figure losses and widespread operational disruption, the cost of reacting after the fact can be significant.”
A recent IBM X-Force study which revealed that manufacturing accounted for 28% of incidents last year, the fifth consecutive year as the most targeted sector.