Posted By David Brousell, April 22, 2014 at 1:44 PM, in Category: The Adaptive Organization
Cybersecurity has become established as an on-going business issue for manufacturing companies. This may come as no surprise given the increased frequency and notoriety of cyber attacks on businesses and other organizations. But, even though executives at manufacturing companies acknowledge the problem, many appear to be still in the process of putting together a rational strategy to deal with it.
That’s one of the major findings of a new Manufacturing Leadership Council poll on cybersecurity. The poll also revealed gaps between the perception of cyber threats and companies’ allocation of resources to deal with those threats as well as a clear indication that many expect the problem to worsen in the years ahead.
In terms of cybersecurity as a business issue, 47% of poll respondents characterized it as highly important, while another 42% termed it of moderate importance to their business. Interestingly, 42% said their companies had already suffered at least one cyber attack, but nearly half of these characterized the impact on their operations as mild. Over the next 5 years, however, 69% of respondents expect the cyber issue to become more important.
Today’s perceptions and realities of the cyber threats, coupled with the rising cyber risks that respondents anticipate in the years ahead, sheds light on another key survey finding: how manufacturing companies are approaching the threat strategically. An impressive 44% of the sample said their companies have formal plans and strategies in place to deal with cybersecurity. Another 22% said their approach is informal at this time. Nearly one-third, though, either has no plan in place or is in the process of formulating one.
While cybersecurity is an important business issue for manufacturers, it has to be considered in the context of a range of business issues that any manufacturing company has to deal with as a matter of course. When looked at in an overall business context, cybersecurity has taken its place on the radar screen, but it hasn’t risen to the level of being a paramount business issue.
Nearly 70% of respondents indicated, for example, that financial performance and customer satisfaction are issues of greater importance than cybersecurity in their companies. And nearly half also said that workforce skills and hiring command greater attention as well.
Moreover, when respondents were asked how their companies execute on the cyber threat, some interesting contradictions emerged. The existence of a budget for cybersecurity software, training and education was confirmed by only 42% of the respondents, with another 44% saying there is no budget at this time. And, even though a majority, 53%, said their companies provide cybersecurity training, 54% also say that training is informal, occasional and often driven by individuals.
Most concerning to survey respondents about the cyber threat is intellectual property theft. Twenty-seven percent of respondents identified it as a significant threat. Twenty-four percent identified general business disruption as a significant threat. Only 13% said they were worried about suffering financial losses from a cyber attack.
Predictably, mobile devices and e-mail servers were cited by respondents as the most vulnerable systems in their companies. A powerful majority, 75%, said they thought the presence of more mobile devices in their business environments has increased cybersecurity vulnerability. And 40%, the highest finding in the survey section on business process vulnerabilities, said that they were most concerned about the vulnerability of social media networks.
And what do survey respondents think would help most in combatting cyber incursions? The answer to this question is a mixed bag. Just less than one-third think the answer lies with better corporate policies and best practices, while just over one-quarter puts its money on increased employee awareness and better training. And fully one-third thinks that better technology will lead to improved security.
What manufacturers are in strong agreement on is that the answer won’t come from government or better law enforcement. Only 4% put any faith in either of these resources.
Now that cybersecurity has firmly been established as an important business issue in manufacturing companies, I believe that greater discipline and systemization in dealing with the threat will inevitably come over time. Companies will set increasingly clear roles and responsibilities for those charged with dealing with the issue, fund education and training to improve prevention efforts, and they will measure their efforts over time and establish goals and benchmarks for continuous improvements.
We are all now in the business of cybersecurity.
Written by David Brousell
Global Vice President, General Manager and Editorial Director of the Manufacturing Leadership Council