Skip to content Skip to footer

Loading Results

Re-inventing manufacturing: investing in the future, investing in security

The manufacturing sector has its sights firmly set on a digitally-enabled future.

Piloting an agile course out of the pandemic, leaders in aerospace, automotive and industrial manufacturing recognise that digital technology is no longer part of their business - it is their business.

The results from our Manufacturing Operations Pulse Survey 2021 reveal investment in data and new platforms, systems and channels is now paramount; the findings showed that 63% of UK manufacturers are prioritising cyber security over the next 1-2 years. Manufacturing sectors face an increasingly digital future; 81% of UK firms plan to increase technology budgets in the next 1-2 years, and hence manufacturing leaders are acutely aware of rising attacks against operational technology. This article looks at why the manufacturing sector is different to other sectors, what are we seeing regarding current trends around threat vectors, the key drivers behind current security risks and how business leaders can think differently to help keep their operations and systems safe and secure.

Why are manufacturing businesses different from those in other sectors?

Manufacturing businesses have more than just traditional IT which usually covers the corporate environment (think desktops and servers). They make the most of other systems and platforms to run their day-to-day operations - known as operational technology (OT) this includes supervisory control and data acquisition (SCADA), industrial control systems or process control domains.

IT and OT environments are different in that ownership of IT in an organisation tends to sit with the Chief Information Officer (CIO) with purchasing the responsibility of the Chief Information Security Officer (CISO). By contrast, ownership of the OT environment and who is responsible for keeping it secure varies. In some organisations, this responsibility is federated across different sites and plants, while in others the responsibility might sit with the production side of the business, such as the Head of Production Quality or Head of Engineering or Operations.

What is driving the risks that we’re seeing?

As seen from the COVID-19 pandemic, it is crucial that if a business is to survive and succeed in challenging times, they must demonstrate agility and speed in their response to a crisis. This behaviour must also be extended when considering the additional risk faced by industries with OT environments. There are a collection of factors that we think that are driving the additional risk:

  • ‘Industry 4.0’: 78% of UK manufacturing businesses are prioritising IoT technologies to modernise manufacturing and industrial practices, but this also increases the ‘attack surface’ that threat actors are able to target.
  • The convergence of IT and OT environments, which were previously air-gapped. As digital technologies are put in place, these gaps are increasingly being bridged. Attackers are now more easily able to move from the IT environment, over the bridged air-gap, and into the OT environment.
  • Legacy OT systems - such systems tend to be difficult to patch and are therefore more easily exposed to compromise.

What can manufacturing leaders think about to help keep their systems safe and secure?

A few factors need to be considered, including:

  • Business resilience and recovery. What would you do if you were hit by an attack against your OT estate? How would you keep your mission critical operations running? How would you recover any data that was impacted that might be required to support OT technologies, for example, telemetry from a production site or plant?
  • Risk to your business, suppliers and customers. Are you thinking about OT security in the round? An understanding of your estate, the assets and the systems involved is crucial. So, too, are suppliers and, of course, the people and workforce that operate your critical business infrastructure.

These are themes that we will explore in more detail in our next article. For more information please contact Sean Sutton, James Hunt or Daisy McCartney.

The topic of this blog was discussed in our recent Cyber Security Excellence in Manufacturing webinar, the first in our Building Agility in Manufacturing Webinar Series. The next event will focus on the value of supply chain visibility in building resilience. Register your interest in attending.

Contact us

Sean Sutton

Sean Sutton

Partner, Cyber Security, PwC United Kingdom

Tel: +44 (0)7483 407797

James Hunt

James Hunt

Senior Manager, PwC United Kingdom

Tel: +44 (0)7701 296796

Follow us