How Secure Is Manufacturing?

Study finds that manufacturing industries struggle to find skilled cybersecurity staff and are underspending on training – but it's not all bad news...

Larry Loeb, Blogger, Informationweek

February 8, 2019

Manufacturing has not attracted a lot of the security glitz afforded to other sectors. Yet prior research has found manufacturing to be the most targeted sector for coordinated cyber espionage.

The Information Systems Audit and Control Association (ISACA) and the Digital Manufacturing and Design Innovation Institute (DMDII) partnered to survey the global manufacturing sector and see what was going on. The survey involved 167 participants from across ISACA, DMDII and the Manufacturing Extension Partnership stakeholders.

The organizers admit the survey had a small sample size, but say they have "plans to expand this research with a larger-scale survey in the future."

The study found that manufacturers are still grappling with security concerns, including those related to Internet of Things (IoT)-integrated devices, employee security, and the errors those employees may cause. Respondents also continue to struggle to find skilled cybersecurity staff and are probably underspending on security training.

However, positive results were found on many fronts compared to other sectors.

  • 78% of manufacturing organizations have a formal process for dealing with cybersecurity incidents, and 68% have one for ransomware attacks.

  • 77% expressed confidence in their security team's abilities to detect and respond to advanced persistent threats (APTs).

  • 34% noted they were experiencing more cybersecurity attacks today than a year ago, compared to 62% across all industries from ISACA's 2018 State of Cybersecurity survey.

  • 74% indicated they believed their organization's cybersecurity training budgets would either increase or at least be maintained at current levels; only 4% anticipated a decrease in the coming year.

There were still areas that needed attention.

  • 75% of manufacturing organizations have a program in place to promote cybersecurity awareness among their employees, but only 37% believe that their programs are very to completely effective.

  • 47% of manufacturing organizations are spending less than US $1,000 on average each year on continuing education opportunities for their staff -- versus 25% in other industries -- and nearly 1 in 10 reported that their enterprises spent nothing on average each year on these educational opportunities.

  • 81% of manufacturing organizations are somewhat to very concerned about the potential cybersecurity risks with personal, Internet-connected devices. Fifty-eight percent don't allow those devices to connect to the corporate network and 72% don't allow those devices to connect to the corporate network on the manufacturing floor. BYOD is not in fashion in the manufacturing sector, it seems.

Finding skilled cybersecurity staff remains a problem for manufacturers. Respondents indicated it takes an average of five months to fill open positions, and 61% of hiring managers said fewer than half of applicants are qualified.

Frank Downs, director of cybersecurity practices at ISACA, said in a prepared statement that, "Though the manufacturing industry has made great strides in addressing security issues, this research illustrates the need for organizations to elevate cybersecurity as a priority to build the foundation of its cybersecurity culture, better secure their operations, and strengthen the global digital economic ecosystem."

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.


He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401.
