This is the seventh edition of the EEF’s Executive Survey, where manufacturers' look at the growth opportunities and challenges that lie ahead, in partnership with AIG. The survey takes a look at companies' expectations for growth in their business, across the UK economy and globally. The survey also provides an early warning of some of the issues that could knock these predictions - which are largely positive for 2018 - off track. Some standout developments for 2018 include the inevitable cornucopia of challenges that could come with the ramping up of Brexit negotiations.
But outside of domestic politics, as manufacturers have been investigating what the fourth industrial revolution means for their business, their heightened awareness of the risk of cyber-attacks is clearly evident this year.
This year's EEF annual survey highlights the importance of two key issues to businesses: minimising risks around their supply chains (exacerbated by Brexit and recent natural disasters), and addressing emerging cyber exposures. We focus on the latter in this piece, noting that even cyber and supply chain risks are connected.
Awareness of cyber risk has grown substantially. So what are the threats and how should manufacturers be looking to respond?
At a time when Brexit is dominating concerns about the future, cyber risk stands out as a largely unrelated threat that is rapidly rising up the risk agenda. In the past, manufacturers could have been forgiven for thinking they were relatively sheltered from the cyber risk, but the summer of 2017 has turned this thinking on its head.
The WannaCry ransomware attack crippled organisations from a wide range of industry sectors around the world, spreading indiscriminately and causing lengthy and costly business interruption. The attack was followed by a fresh strain of the Petya ransomware, which further exploited the same Microsoft Windows vulnerability. Some systems were down for several weeks, costing billions of dollars in lost revenue. While the worm was not specifically designed to target operations technology networks, WannaCry impacted several large manufacturers.
Concern over cyber risk is also likely to be driven by growing compliance responsibilities. The European General Data Protection Regulations (GDPR) are coming into force in May this year with strict rules regarding collection, use and storage of sensitive data. Companies that experience a breach will be required to notify stakeholders and there will be steep fines and penalties for firms that have inadequate controls and protections in place.
Losing the 'air gap' defence
At a time when manufacturing and engineering companies are looking to further automate production and have greater supply chain flexibility, it is also clear that a connected world is also a more vulnerable one. The 'air gapping' defence of industrial control systems no longer exists in a world of connected devices, where something as benign as a smart thermostat can be exploited as a way in by hackers.
It is clear that cyber risk can impact manufacturing and engineering organisations in numerous ways, including the disruption to production resulting from ransomware and denial of service attacks, as well as the costs and reputational fallout associated with data breach attacks. Physical damage resulting from a cyber incident is also possible, although not all insurance policies provide affirmative cover. It is important for organisations to consider how different cyber scenarios could play out, with help and guidance from insurance brokers. Mapping these exposures against their suite of insurance policies will show how they should respond and whether there are any exclusions or gaps that can be identified and dealt with.
In addition to risk transfer, brokers and cyber insurers offer pre-loss services, working with insureds to ensure they maintain standard systems hygiene in order to avoid being the low-hanging fruit. With the knowledge that it is now impossible to prevent every attack, even with the best security and systems in place, companies should also practise their breach response, so they can take swift action when their systems are compromised.
EEF the manufacturers' organisation
EEF is dedicated to the future of manufacturing. Everything we do is designed to help manufacturing businesses evolve, innovate and compete in a fast‑changing world. With our unique combination of business services, government representation and industry intelligence, no other organisation is better placed to provide the skills, knowledge and networks they need to thrive.
We work with the UK’s manufacturers from the largest to the smallest, to help them work better, compete harder and innovate faster. Because we understand manufacturers so well, policy-makers trust our advice and welcome our involvement in their deliberations.
We work with them to create policies that are in the best interests of manufacturing, that encourage a high growth industry and boost its ability to make a positive contribution to the UK’s real economy.
Our policy work delivers real business value for our members, giving us a unique insight into the way changing legislation will affect their business. This insight, complemented by intelligence gathered through our ongoing member research and networking programmes, informs our broad portfolio of services; services that unlock business potential by creating highly productive workplaces in which innovation, creativity and competitiveness can thrive.