Study shows small manufacturers’ role in supply chain security, need for awareness program improvements

A survey jointly conducted by international IT organization ISACA and the Digital Manufacturing and Design Innovation Institute (DMDII) emphasizes the importance of small manufacturers when addressing the cybersecurity of the greater supply chain.

The two organizations reached out to 167 participants in August 2018 for the survey, then compared the results against ISACA’s 2018 State of Cybersecurity and 2018 Cybersecurity Culture research findings. The issues are many — from basic employee error to coordinated cyber espionage attacks — but all are complicated by an industry that struggles to acquire cybersecurity staff and underspends on security training. Thirty-two percent of those surveyed, though, noted that they experienced more cybersecurity attacks this year than previously.

Study participants had a majority of disbelief in their companies’ cybersecurity awareness programs with only 37 percent believing they were adequate, despite 75 percent of these organizations boasting such a program. Further, nearly half of manufacturing organizations spend less than $1,000 on average each year toward education, putting them at a far more disturbing percentage than in other industries. For all this, companies do appear to know their danger — 81 percent of them noted concerns stemming from personal, internet-connected devices.

None of this is helped by the 1.8 million worker shortage these companies expect to hit in cyberstaff positions by 2022.

“Though the manufacturing industry has made great strides in addressing security issues, this research illustrates the need for organizations to elevate cybersecurity as a priority to build the foundation of its cybersecurity culture, better secure their operations, and strengthen the global digital economic ecosystem,” Frank Downs, director of Cybersecurity Practices at ISACA, said. “Partnerships and information sharing, like ISACA’s collaboration with DMDII on this study, are becoming increasingly key to accomplishing these goals.”

Seventy-eight percent of organizations, however, did report that they do have a formal process for dealing with cybersecurity incidents and 77 percent of respondents were confident in their security team’s abilities to respond. Nearly as many — 74 percent — believe their training budgets are likely to increase or be maintained in the coming year, as well.