Three-quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them – but in reality, many companies still lack the skills and security practices to do so, the study said. New research has discovered.
In a survey of 350 industrial corporations across Europe and the United States, conducted by the Financial Times Longitude research and consulting business, 75% reported that they were aware of an ongoing cyberattack. against their activities (40%) or intentionally. avoid an attack (35%).
Of those who have experienced a cyberattack or data breach, nearly half said it reduced their profits, while four in ten admitted there had been reputational damage and a drop in sales. row.
Mid-sized companies, with valuations between $500 million and $1 billion, emerged as the most likely to be targeted by hackers or cybercriminals, with 49% admitting they had “Deliberately hacked”. Meanwhile, only 41% of groups of $1 billion or more and 36% of smaller businesses under $500 million know about the attacks. Large companies are most likely to intentionally avoid being attacked: 44% said they did, compared with just 29% of midsize businesses.
However, despite the greater vulnerability, the ‘middle limit’ of the manufacturing industry does not appear to be as well prepared for various cyberattacks as larger or smaller groups. Of the five common attack types, mid-sized companies are the least prepared for four of them: phishing; phishing (where scammers trick businesses into disclosing payment information); ‘man-in-the-middle’ attacks (in which criminals intercept and alter secure messages between parties); ransomware (where data is ‘locked’ with encryption and released only for ransom); and SQL injection (where malicious code is used to access the database).
And ‘cyber hygiene’ – the implementation of appropriate security measures – is said to be poor in companies of all sizes. Only a quarter are required to connect via a virtual private network; only a third remind employees to change passwords and require mandatory software updates; less than half of the data is backed up regularly or arranged for industry-specific cyber training.
Senior management often fails to ensure a suitable network management system. Only 36% of production teams assign direct responsibility to a board member for cybersecurity or are reported on the issue annually. Less than half operate a company-wide security policy or hold employees across their entire enterprise accountable for cybersecurity.
The Longitude survey has found that a small number of manufacturers are taking effective steps to protect their operations – by investing in technology, insurance and expert advice. More than half are now investing more in cloud security measures, protecting their computer networks, and preventing attacks through interconnected devices (‘internet of things’ ).
However, the disparity between most companies’ claimed confidence and their limited skills and preparation has led researchers to question the ‘false sense of security’ of surname.