According to a new report from Capgemini - ‘Smart & Secure: Why smart factories need to prioritize cybersecurity’ - 51% of industrial organisations predict that there will be an increase in smart factory cyberattacks within the next year.
But, almost half of organisations don’t sufficiently prioritise this threat as one of their main concerns. In fact, 47% of organizations still don’t classify cybersecurity in smart factories as a C-level concern.
The rise of smart factory cyberattacks
The Capgemini Research Institute surveyed 950 organizations and interviewed industry leaders across a variety of sectors, including heavy industry, chemicals, pharmaceutical and life sciences, consumer products, automotive and defence.
The rise of the IoT and the consequent Industry 4.0 evolution has made smart factories a prime target for cyber criminals.
In fact, last year, manufacturing overtook financial services as the most attacked sector. But, the sector is surprisingly slow to respond to the threat.
53% of smart factories experience a problematic disconnect between the C-suite and smart-factory leaders
The report from the Capgemini Research Institute revealed that very few manufacturers have mature cybersecurity practices in place.
According to the report, the main factors that security-conscious managers need to overcome are a lack of C-suite focus amongst management, a limited budget, and human factors.
In fact, 53% of respondents mentioned a disconnect between the C-suite and smart-factory leaders, saying that the lack of collaboration between smart-factory leaders and CSOs is hindering the organizations’ ability to detect cyber-attacks early.
Alongside this, another key human factor at play here is a cybersecurity skills gap.
Surprisingly few organizations said that their cybersecurity teams have the required knowledge and skills to carry out urgent security patching internally. Despite this, however, there is no clear cybersecurity leader that is introducing upskilling training.
“The benefits of digital transformation make manufacturers want to invest heavily in smart factories, but efforts could be undone in the blink of an eye if cybersecurity is not baked-in from the offset,” warns Geert van der Linden, the Cybersecurity Business Lead at Capgemini.
“The increased attack surface area and number of operational technology (OT) and Industrial Internet of Things (IIOT) devices make smart factories a prominent target for cyber criminals. Unless this is made a board-level priority, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and the C-suite.”
The key findings from Capgemini’s cybersecurity report
- Out of the firms impacted by cyberattacks over the last year, almost a third (28%) had seen an increase of employees or vendors bringing in infected devices. This makes people the top threat to cybersecurity.
- ‘Cybersecurity Leaders’ - who deploy mature practices across the critical pillars of cybersecurity - outperform their peers in multiple aspects. This includes being 28% more likely to recognise attack patterns at their early stage of deployment, and 31% more likely to reduce the impact of these attacks.
- Only 51% of respondent organisations build cybersecurity practices in their smart factories by default.
- 77% of respondents are concerned about the regular use of non-standard smart factory processes to repair or update OT/IIOT systems.