This post is the first in a series of blog posts written by Roy Seaman, our Percy Hobart Fellowship 2021 fellow from the Royal Marines. We’re calling the series “Posting Roy”

The COVID pandemic will go down as one of those memorable moments in history that has made its mark on the working world. Forcing the working world to transform from a traditional working model to a remote working model and likely to form a hybrid model going forward into the future. It is fair to say the cyber criminal’s world has been made much easier to operate in if businesses fail to address the very real cyber threat that is out there. The unforeseen short disruptive transformation from a traditional working model to a remote model has meant that focus has switched to tech to maintain business operations. This has meant a reliance on bringing your own device (BYOD) which subsequently means an increase in vulnerable pathways that cyber-criminal activity has been able to exploit.

Bridewell Consulting commissioned the “CNI Cyber Report: Risk and Resilience” which found that 86% of CNI organisations have detected and experienced operational technology (OT) and industrial control systems (ICS) cyber attack over 2020. Ninety-three percent of organisations admit to at least one successful attempt and 24% more than 5 successful attacks. Given that only 42% of OT/ICS environments are not accessible from the internet and only 28% are confident their OT systems are protected the numbers aren’t all that surprising. Eighty-five percent of decision-makers have felt an increase in pressure to improve cybersecurity control for the OT/ICS environment over the last 12 months. The Enterprise Strategy Group research insight paper “Threat Detection and Response in Manufacturing, Current and Future Use Cases for Deception Technology” states that 49% of organisations claim that IT and OT are tightly integrated. The irony is 84% of CNI organisations predict a cybersecurity skills shortage within 3 -5 years, 32% reduced their cybersecurity budget over the COVID period and experienced a 50% increase in attacks during the pandemic. The knock-on effect on the manufacturing sector is huge. 

PriceWaterhouseCoopers (PwC) 2020 Annual Manufacturing Report identifies that 90% of consumer goods manufacturers prioritise digital transformation as a top 3 concern. Eighty-seven percent of manufacturers believe digital manufacturing technologies (smart factory technologies) will accelerate innovation and design development and 89% believe it will improve supply chain relationships. Seventy-one percent said they are already bringing OT and IT together to digitise their business. Cloud computing will be a big part of the digital transformation making data that is real-time use and disruptive technologies such as the Internet of things (IoT) to make a “new experience” for employees and customer experience. This means the challenge of maintaining secure cyber domains will be made even more complex and will become critical in all parts of business operations.  The cyber criminals ability to operate is growing and is currently faster at innovating according to the Nippon Telegraph and Telephone Corporation (NTT) 2020 Global Threat Intelligence Report.

Finally, if the UK manufacturing sector is going to transform and aspire to be world-leading innovators, it needs to embrace integrated smart factory technology and the cybersecurity risks that ensue. For success to occur businesses need to prioritise cybersecurity; to lead the way for following innovative technology. When you compare the two reports we can see attitudes towards cybersecurity need to improve and the pandemic has shone a light on weaknesses within the sector. The National Cyber Security Centres (NCSC) Cyber Security Information Sharing Partnership (CiSP)  has a good basis showing the UK government recognises the cyber threat needs to be tackled as a collaborative. Businesses need to ensure their organisations are doing their part and taking the necessary precautions to beat cyber criminals.