The digital transformation of the factory floor is revolutionising production in the UK, but EEF, the manufacturers’ organisation (formerly the Engineering Employers’ Federation), has found that the UK’s manufacturers are failing to match their investment in new technologies with appropriate investment in cyber security.
EEF warns that cyber security risks for manufacturers – including “data manipulation, potential changes to product formulation and data held for ransom” – are greater than for other sectors, and all carry potential health and safety risks. The UK is “a globally important manufacturing nation – 7th in the world in terms of manufacturing output” – but to maintain this position, “Manufacturers need to be more proactive at managing cyber threats”.
Fourth industrial revolution
The integration of physical production and digital technologies, known as the fourth industrial revolution or 4IR, will change the manufacturing landscape significantly, increasing productivity and delivering an estimated £350 billion boost to the British economy by 2030. To support machine autonomy, however, digital infrastructure needs to be secure and reliable.
A survey of EEF members published this week found that 80% of manufacturers say the 4IR “will be a business reality by 2015”, but the majority are not prepared for the increased risks that cyber-physical systems bring.
- Only 36% of manufacturers have a cyber breach incident response plan in place.
- 40% of manufacturers have not increased their investment in cyber security in the past two years.
- Just 56% of respondents say cyber security is given serious attention by their board.
Cyber security for manufacturers
According to EEF, 44% of small manufacturers, 60% of mid-sized manufacturers and 77% of large manufacturers are “most likely to have increased” their investment in cyber security. In particular, small and medium-sized manufacturers – which may be more constrained by budgetary limitations than their larger counterparts – should realise that cyber security is not necessarily a huge expense. A basic level of cyber hygiene is easily in reach for a very affordable investment.
Certification to the government’s Cyber Essentials scheme is an essential first step in the journey to cyber security and can be achieved from only £300 if you use IT Governance’s Do It Yourself approach. The Cyber Essentials scheme sets out five security controls that can be used to help prevent around 80% of cyber attacks.
Manufacturers that want to go further and implement a best-practice information security management system (ISMS) should look to the international standard ISO 27001.
An ISO 27001-compliant ISMS provides a risk-based approach to data security that can be applied across the firm and throughout the supply chain. Once your ISMS has been certified to the Standard, you can insist that third-party contractors and suppliers also achieve certification, helping secure your supply chain. As well as improving your cyber security, the external validation offered by ISO 27001 certification is likely to increase your organisation’s business efficiency and give customers and stakeholders a higher level of confidence, while allowing you to meet your legal, contractual and regulatory data protection obligations.
Help towards ISO 27001 certification
IT Governance has been helping organisations of all sizes and locations implement ISO 27001 for well over a decade. Whatever you want to know, and whatever resources you need, we’re your single source for everything to do with ISO 27001 – from the Standard itself to books, documentation toolkits, training courses, consultancy and software. These resources help you implement an ISMS in your organisation and ensure you aren’t left behind by the fourth industrial revolution.
Starting at just £380, our ISO 27001 Packaged Solutions combine all of these resources in fixed-price packages to suit all needs.