My colleague Simon Gallimore wrote recently about the threats that manufacturers are facing. Brexit has the news agenda and is dominating attention but nobody can ignore cyber risks.
Our research in conjunction with the EEF – the manufacturers’ organisation – reveals that nearly half of manufacturers have been the victim of cyber-crime, with the sector now the third most targeted for attack. In 2017, AIG in Europe received the same number of claims that it had done in the previous four years combined, and is now handling on average a cyber claim a day.
And with the sector becoming more automated, the threat is increasing. So, how can manufacturers avoid shooting themselves in the foot by addressing the basics of cyber security?
First, don’t stick your head in the sand. There is a very high chance that you will be targeted at some point – in reality it is a question of when rather than if. It also doesn’t matter what size your business is; hackers don’t just target multinational giants. They are quite happy to go after a few thousand pounds from small to medium-sized businesses (although the ultimate cost to you may be much higher in terms of business interruption and reputational damage). Indeed, SMEs are often softer targets who are less well protected. Cyber security might be a complex area but simply ignoring it won’t make it go away.
Secondly, make sure that everyone understands the issue. From the shop floor up, all staff need to be aware of the threats they face and what to do and – importantly – not to do. People are your weakest link. Whether it’s leaving a laptop on the train, clicking on an infected attachment in an email or inadvertently (or otherwise) letting someone use your credentials to gain access to the company network, human error is a primary cause of cyber breaches. Ensure your staff use pass’phrases’ (generating a password based on a memorable phrase to make it longer), instead of passwords. Companies need to create a positive culture around cyber security in the same way that they would treat health and safety.
Next, don’t make it easy for attackers. The vast majority of cyber-attacks are simple in nature, untargeted and unsophisticated. They are designed to prey upon systems without even the most rudimentary protection measures; the digital equivalent of a thief trying your front door to see if it’s unlocked. So, make sure at a minimum you have a firewall in place, run antivirus software and choose the most secure settings for your devices and software. And don’t forget, cyber defence is an on-going process – keep your operating systems and software up-to-date and running the latest security patches. It’s also a good idea to implement the government’s Cyber Essentials, a set of basic technical controls to help you protect your business against common online security threats and demonstrate your commitment to cyber security.
But all this is really just the tip of the iceberg. Threats are evolving rapidly so if you haven’t talked to someone recently about the cyber risks your business is facing, don’t put it off. Leading insurance companies offer a range of risk management services and protection tailored to manufacturers – get in touch to find out more about AIG’s latest offering or take a look at our recent Cyber-Security report in conjunction with the EEF and RUSI which offers tips and insights.
Watch out for the next article in this series with details of our new cyber product specifically designed for manufacturers.
AIG is a partner of the EEF, the Manufacturers’ Association.