How vulnerable are industrial products companies to cyber threats?

January 26, 2016

Post image for How vulnerable are industrial products companies to cyber threats?

By Robert McCutcheon, Partner, US Industrial Products Leader

Data have become valuable as a means of understanding the customer, increasing efficiency, and gaining competitive advantage. This growth in value is also attractive to hackers, who can reap the rewards of stealing and selling data. It’s likely that as businesses increasingly use data and data analytics, there could be more cyberattacks.

Most industrial products (IP) companies understand and are aware of these threats, according to  The Global State of Information Security® Survey 2015. So why did they reduce their information security budgets by 15 percent in 2015?

While I find this slightly puzzling, it’s possible that 2015 is an outlier and not a trend. There was a significant increase in spending the year before, and estimated total financial losses from security incidents declined 24 percent. It appears that the spending increase helped to mitigate the threat of cyberattacks. Perhaps, then, businesses are feeling secure in their current ability to avert incidents.

But, looking more closely, I see some evidence to the contrary. While financial losses declined, the number of incidents increased. The theft of “hard” intellectual property, such as product designs, doubled in 2015, while loss of “soft” IP business processes climbed 27 percent over the prior year. Yet, respondents detected 25 percent fewer information security incidents than the year before.

What’s going on? I’ll go out on a limb and say that maybe IP companies might not be as secure as they imagine they are. As IP companies continue to change the way they do business, such as using the Internet of Things to run their plants and enhance operations, they become more vulnerable to cyberattacks. In the near future, when businesses start to realize the benefits of 3D printing for high-volume production, it will increase risk to trade secrets and intellectual property.

Currently, about two-thirds of IP respondents say they have an overall security strategy. Businesses have implemented different types of programs to defend against threats, such as establishing security baselines for third-parties (59%), appointing a head of security (58%), and implementing employee training programs (56%). The vast majority of organizations have also adopted risk-based cybersecurity frameworks such as the NIST Cybersecurity Framework or ISO 27001.

Even though fewer security incidents were reported this year, it’s important for industrial products companies to continue investing in this space.

 

Print Friendly, PDF & Email

Previous post:

Next post: