A Quarter of UK Manufacturers Suffer Cyber-Attack Losses

A Quarter of UK Manufacturers Suffer Cyber-Attack Losses

A quarter of UK manufacturers have suffered financial or other business losses stemming from a cyber-attack, according to a new study from industry body EEF.

The organization and AIG commissioned think tank the Royal United Services Institute (RUSI) to compile its Cyber-Security for Manufacturing report.

Of the 48% of manufacturers who claimed to have been struck by a cyber-incident, 24% said they suffered losses and the same number claimed their security processes were strong enough to repel any attack.

However, visibility into the scale of the problem appears to be a challenge. Some 41% claimed they don’t have access to enough information to assess their true risk exposure, while 12% said they don’t have the technical or managerial processes in place to assess risk.

A further 45% said they don’t have access to the right security tools.

The stats are concerning given that the manufacturing industry employs 2.6m people in the UK, accounting for 10% of the country’s output and 70% of its R&D, according to EEF.

Over a third (35%) of the vast majority (91%) of respondents who claimed they’re investing in digital transformation said cyber-risk was holding them back.

There’s also a clear and pressing need to demonstrate improvements in cybersecurity to increasingly demanding supply chain partners.

Over half (59%) of respondents said they’ve been asked by a customer to demonstrate or guarantee the robustness of their cyber-security processes, and 58% have asked the same of a business within their supply chain.

A worrying 37% of manufacturers said they could not do this if asked today.

“The importance of the manufacturing sector to the security of the UK economy cannot be overstated,” said RUSI director general, Karin von Hippel. “Increasing digitization creates further opportunities, but also exposes us to potential vulnerabilities to cyber-attacks, whether from criminals or nation-state adversaries. The sector needs to recognize these risks and respond accordingly.”

Source: Information Security Magazine