Manufacturers and Cybersecurity Risk

As more and more forward-thinking manufacturing organisations move to using digitally connected systems, the more vulnerable they become to cyberattack. If your business is adopting new ways of working that encompasses digital systems, then you will need to consider how resilient your company is to the growing threat from cyberattacks.

You might be looking at adopting Industry 4.0 technologies, which involve intelligent technology and machinery. Benefits can be substantial and include shop floor automation, the elimination of many manual processes, improvements to product quality, waste reduction and transformation of the customer experience.

Embracing digital systems to improve operations, and customer and supplier relationships is a positive step and brings many opportunities for growth as systems become more efficient, but it also brings a new advantage to the cybercriminal, who has new ways to attack your organisation.

Manufacturing organisations must consider these threats to protect their business, because if they do occur, they can be significant and cause huge disruption to the business.

To protect your business, you should consider a comprehensive cyber risk management plan that includes procedures and paid services, such as robust insurance cover and engagement with cyber recovery experts, to fully protect you against a worst-case scenario.

Enquire now

One of the most significant risks to manufacturing organisations is ransomware, which in simple terms is malware that encrypts your files and can only be removed following payment in exchange for the encryption key.

It’s relatively easy to fall prey to a ransomware attack, which can infiltrate your systems through an infected link in an email or by visiting a bogus website.

These threats are real and are occurring all the time. According to data published by MAKEUK in their Cyber Resilience – The Last Line of defence report in May 2021,  47% of UK manufacturers reported that they had suffered a cyberattack in the past 12 months.  Of those companies that experienced an attack, 63% said it cost them up to £5,000 while almost a quarter (22%) revealed a cost to their business of between £5,000-25,000.

You can read the MAKEUK report here.

In our real-life scenario below, the machinery manufacturing business targeted had a similar operational set up to many companies in the same sector and no contingency plans in place to manage recovery in the event of a cyberattack. They also did not have cyber insurance.

Manufacturing incident example

The firm was infiltrated by a seemingly innocuous email which contained an infected link. A member of staff opened the email and clicked on the link, letting the cybercriminal into their systems and able to deposit malware. All files on the company shared server, which was based locally, were encrypted, and could not be released unless the ransom was met. The ransom in this case was for bitcoin.

Whilst no client data was involved, engineer instalment diaries were removed along with operational data, which made the day to day running of the business impossible.

The company decided not to pay the ransom, opting instead to reinstate their systems from backups, but these had not been kept up to date, which meant that they lost valuable data. The engineers’ diaries were missing so schedules were completely disrupted, affecting customer relationships.

Additionally, to improve email security, new email addresses were set up for all UK staff, using European head office credentials. This took considerable time and effort and required all clients and suppliers to be updated with new contact details.

These measures were taken by the company reacting to the event. A cyber security expert may have taken a different approach to the management of the incident, and if cyberattack prevention procedures had been in place, the attack might not have occurred at all, or had a lesser impact.

Before spending money on cyber security experts, there are some straight forward and free steps you can take to improve your protection against a cyber event.

You should carry out a full risk assessment so you can identify areas of vulnerability. Look at which areas of the business would be most affected by a cyber security breach.

Using this data, create a cyber contingency plan, so in the event of a cyberattack, you know exactly how you are going to respond. Plan your steps to recover and who will be responsible for what. The plan should be tested regularly to highlight any weaknesses. Remember, a quick and considered response and will help to limit any damage from the cyber incident.

Antivirus software is advisable, but it’s not fool proof. You should therefore educate your employees on what to look out for, so they are able to spot a potential threat before it wreaks havoc on your systems. Read our guide on how to spot a phishing email.

Introduce multi-factor authentication into your systems. This authentication method requires a user to provide two or more verification factors in order to gain access to a resource such as an application or online account.

Limit the number of people that can approve/action financial transactions and reinforce your payment/fund transfer procedures.

Change passwords regularly and ensure they are as strong as possible.

Back up data regularly, so if you do need to reinstate your systems, you are using the most current data.

Along with the internal changes that you can make you should also check the cyber security robustness of any supplier or organisation that links with your digital systems. It might not be you that causes the weak link.

To provide robust protection, an element of financial investment is recommended. To support any internal changes and procedures, you should consider cyber insurance as part of your cyber risk management plan.

If your data is compromised because of a computer related crime such as a cyber-attack (hacking, malware, phishing) you are covered for the financial costs involved to get your business back up and running again. It also covers any compensation that may be payable to the people whose data was lost, along with associated legal costs.

Cyber insurance will assist with data recovery, business interruption, legal costs and potential compensation claims, meeting ransom demands, costs incurred when informing clients and suppliers of the breach and restoring equipment.

You can also look at engaging the help of cyber security experts who can assist with recovery in the event of a major attack. If you hold client data within your systems and they are compromised, you might benefit from expert assistance. Any data breach that unlawfully exposes personal data must be reported to the Information Commissioner’s Office (ICO) within 72 hours.

Some cyber policies can be arranged to provide an emergency response team who will manage the crisis from the moment the breach is discovered.

You might need IT, legal and PR advice, or assistance with the restoration of emails, online systems and software. In the event that you don’t have experts in these areas already working in your business, access to cyber security experts that can provide these services might prove critical in disaster recovery.

We highly recommend that your cyber security measures include all the elements that you need to protect your manufacturing business from a cyberattack, whether from a small or large scale event. With the continuing rise in incidents within the manufacturing industry it is far better to be prepared than to have to react during an incident.

What to do next?

If you want to ensure that you are in the best possible position to deal with a cyberattack, then you can speak to one of our experienced brokers who will be pleased to help. We will work closely with you to understand how your manufacturing business operates and highlight any potential areas of risk. Together we will create an insurance package that will bring you complete peace of mind.

Get in touch today by calling us on 01480 272727 or send an email to enquiries@barnesinsurancebroker.co.uk

We’re here and ready to help you protect your business.