Manufacturers need to step up their cybersecurity planning, according to a new survey from the representative voice of UK manufacturing EEF.
The firm found almost half of the manufacturers quizzed have failed to increase their investment in cybersecurity in the past two years, with 20% admitting they don’t actively make their employees aware of cyber risks in company policies.
What’s more, just 36% of manufacturers have an incident response plan in place and only 24% monitor cyber threats through business KPIs.
These are worrying statistics, especially when you take into account the fact that government figures showed 90% of large businesses and 74% of small businesses reported a cybersecurity breach last year.
Director of information security at Canon Quentyn Taylor told Infosecurity that failing to have an incident response plan in place is a huge security risk, arguing more companies need to shift their focus from prevention to mitigation.
“Only someone who hasn't been reading the news believes that total defense is economically viable or even possible,” he said. “Accept that you have been compromised and learn to deal with it. If we all accept that compromise is inevitable then the next step is having a response plan. Fire safety is taken very seriously in all companies, and fire drills occur frequently yet why companies believe that they can operate without information security fire drills is a troubling point.”
Ms Lee Hopley, chief economist at EEF, voiced similar concerns:
“Our survey highlights that investment in new technology isn’t being matched by investment in managing risks, especially among smaller firms.”
“It is important that manufacturers are able to identify, understand and put the correct strategies in place to keep their businesses safe and cyber secure,” she added.