In charts: Industry leaders gain ‘false sense of cyber security’
Three-quarters of manufacturing companies say they are aware of cyber risks and can deal with most of them, but in reality many do not yet have the skills and security practices to do so, he said. a new investigation.
In a survey of 350 industry groups in Europe and the United States, conducted by the Financial Times’ Longitude research and consulting business, 75 percent reported that they either knew there was a cyberattack on their operations ( 40 percent) or had consciously done so. avoided an attack (35%).
Of those who suffered a cyberattack or data breach, nearly half said it affected their profits, while four in ten acknowledged that there had been reputational damage as a result and a reduction in sales. .
Medium-sized businesses, valued at between $ 500 million and $ 1 billion, emerged as the most likely to be successfully attacked by hackers or cybercriminals, with 49 percent admitting that they had “consciously suffered a cyberattack “. In comparison, only 41 percent of groups of more than $ 1 billion and 36 percent of smaller companies, below $ 500 million, experienced attacks. Large companies were the most likely to have avoided an informed attack: 44% said they had succeeded, compared to only 29% of medium-sized companies.
But despite its greater vulnerability, the “narrow middle ground” of the manufacturing industry appears to be less prepared for various cyber attacks than larger or smaller groups. Of the usual five types of attack, medium-sized companies had the lowest level of readiness for four of them: scam; phishing (where scammers trick companies into revealing payment information); “home-in-the-middle” attacks (where criminals intercept and exchange secure messages between parties); ransomware (where data is “locked” with encryption and is only released for rescue); and SQL injection (where malicious code is used to access databases).
And it was found that “cyber hygiene” (conducting proper security practices) was deficient in companies of all sizes. Only a quarter made connecting via virtual private networks mandatory; only a third asked staff to change their passwords and required mandatory software updates; less than half backed up the data regularly or organized industry-specific cyber training.
Often, senior management did not ensure that there were strong systems of cyber governance. Only 36 percent of manufacturing groups gave a board member direct responsibility for cybersecurity or reported it each year. Less than half operated a company-wide security policy or held their company staff accountable for cybersecurity.
The Longitude survey found that a small number of manufacturers were taking effective measures to protect their operations by investing in technology, insurance and specialist advice. More than half are investing more in cloud computing security measures, safeguarding their computer networks and preventing attacks via interconnected devices (the “Internet of Things”).
However, the disparity between the stated confidence of most companies and their limited skill sets and preparations led researchers to question their “false sense of security.”