BSI, the UK’s national standards body, is just one organization that firmly believes the future growth and success of the UK manufacturing sector depends on investment in the latest digital technologies.
Make UK, which represents the interests of UK manufacturers, is another. Stephen Phipson, CEO of Make UK (formerly the Engineering Employers’ Federation), recently summed up the benefits of such investment: “Digitization is revolutionizing modern manufacturing and has kept it running successfully over the past year. The rewards are obvious – technological leaps in the design, development, fabrication and operation of the goods and services the UK makes.”
It is in this context that research by Make UK will set alarm bells ringing for some manufacturing leaders. In a member survey last year, the organization found that one in five companies admitted they are currently not investing in new digital processes, even though they know they should do so to continue to compete in an ever-changing global marketplace.
The problem: cyber-crime
The reason, or at least a major part of it, is fear of increased exposure to cyber-attack. Many manufacturers are holding back from implementing the latest innovations in case they compromise the security of their data or the value of their intellectual property.
Make UK’s most recent report, Cyber Resilience – The Last Line of Defence, published in May this year, confirms the scale of the threat, revealing that as many as half of Britain’s manufacturers have fallen victim to cyber-crime in the last 12 months.
This figure is sure to have been boosted by thousands of businesses adopting emergency working practices when the Covid crisis struck. Many were forced to switch to remote production and monitoring, and to staff working from home on hastily supplied laptops – measures that cyber criminals were able to exploit to mount opportunistic attacks.
The cyber crime wave has come at a huge financial cost to manufacturers, with 63% suffering losses of up to £5,000 for each cyber breach, 22% losing between £5,000 and £25,000 per breach, and 6% nursing eye-watering losses of over £100,000 after an attack.
This raises an obvious question: how can manufacturing leaders respond to the scale and cost of cyber-crime?
Here, Make UK has found there is work to be done. Some 47% of manufacturers do not even have a formal plan or process agreed in case of an attack. And 44% of manufacturers still do not offer cybersecurity training to their staff, even though all employees have a responsibility for data protection – it is no longer considered the sole responsibility of the IT department.
The majority (59%) cite cost as the biggest barrier to becoming more cybersecure. The cost of inaction, however, could ultimately be much higher – in tangible financial losses, in unquantifiable reputational damage caused by high-profile incidents, and in the ‘opportunity cost’ of delayed or cancelled investment in digital innovation.
The solution: standards
There is no going back to a world before digital information. Manufacturers depend on data that they generate internally, receive externally, and store for the short or long term. This data can relate to their own operations, their employees and partners, and their customers or users. With new information generated continually, the key to cybersecurity is to stay in control of data storage, access security and management processes.
Using internationally recognized standards can ensure your business stays in control. The top priority for many is ISO/IEC 27001 Information Security Management, which informs new processes, improves employee training procedures, and eases legislative compliance. By helping you manage and protect your information assets, the standard inspires trust in your business and builds organizational resilience.
With cloud services now the norm, ISO/IEC 27001 and two related standards – ISO/IEC 27002 and ISO/IEC 27017 – assist you in selecting cloud partners and managing your data storage arrangements securely in partnership with them.
Another extension to ISO/IEC 27001 – ISO/IEC 27701 Privacy Information Management – provides specific guidance on privacy protection through optimized personal information management.
Then there is BS 31111, which helps you understand the cyber-risk landscape to protect against cyber-attacks. It highlights the ‘five Ws’ of data security: Whose data are we holding? Why are we processing it? Where is it kept or transferred to? When are we keeping it until? What safeguarding measures do we have in place?
Show you’re safe
Returning to Make UK’s recent report, the study uncovered one other key finding: 43% of manufacturers have been asked by a customer or supplier to demonstrate the robustness of their cybersecurity, while one in five have themselves asked customers or suppliers to show evidence of their defences against cyber-attack.
This is where certification by an independent third-party expert body, such as BSI, comes to the fore. Certification helps you gain the trust of your customers and other stakeholders by assuring them that their data can be shared safely. It also increases transparency between your supply partners, reassuring all parties that appropriate controls are in place and promoting good practice throughout the supply chain. And certification provides a boost to your corporate reputation in the process.
To conclude, the cyber threat to manufacturers is growing and evolving with digitization – no business can afford to ignore it. Standards, and certification to them, can help you maintain and demonstrate cybersecurity, building trust that data is safe in your hands. Above all, perhaps, they will reassure your own board that you can overcome cyber risks and press ahead with vital investments in digital technology that will ensure your business retains its long-term relevance and resilience.