According to new research by Make UK and BlackBerry, more than two in five (42 percent) UK manufacturers have been victims of cybercrime in the past 12 months.
Additionally, of those organisations that did suffer an attack, over a quarter (26 percent) incurred substantial financial losses, from £50,000 to £250,000.
With pandemic-induced supply chain disruption subsiding, the manufacturing industry has a new challenge on its hands, in the form of more frequent and pervasive cybersecurity breaches.
To mitigate these threats, the overwhelming majority of large companies conduct extensive due diligence procedures on suppliers and vendors before they are selected to provide or produce materials, components, services, or software.
In addition to this, almost every large company’s due diligence process contains an IT security diligence section. This is a great start, but it falls short of a robust, risk-mitigating cybersecurity strategy.
Of course, it is inevitable that a supplier's business practices and processes will change over time. But very few companies actually require suppliers to update their IT security diligence data periodically. As a result, process changes go unreported and unmonitored.
Even when companies do collect IT due diligence data, their spreadsheets or documents are filed on a server and, after an initial review, essentially forgotten. This leaves little to no infrastructure in place when it comes to flagging potentially vulnerable suppliers. This means the door is left wide open for cyber criminals, allowing them to wage war on a company as well as its many suppliers.