New research by Threat Detection & Response provider, e2e-assure, reveals cyber risk owners in Manufacturing are displaying overconfidence in their internal resilience, with 76% believing they are resilient as an organisation. This contrasts with the majority (77%) of Manufacturing employees who confessed they have seen a colleague breach cyber security practice.
As a consequence of this overconfidence in their resilience, Manufacturing cyber risk owners are not prioritising cyber security training for employees, with less than a quarter (24%) of organisations stating they offer training.
The research, however, also found that 82% of cyber risk owners in the sector admitted they have experienced a cyber attack, up from 78% last year. This indicates that they might have a closer eye on external threats than their overall holistic cyber resilience – perhaps understandable given that downtime from a successful ransomware attack can cost millions due to lost production and supply chain disruption. It might be tempting for cyber risk owners to focus on these more visible and tangible risks, with internal vulnerabilities falling into their periphery.
This lack of training is a concern, however, considering Manufacturing organisations often rely heavily on legacy systems, due to the risk of downtime associated with replacing them. These legacy systems, however, don’t easily ‘plug in’ to advanced cyber security technology, leading to coverage gaps and making it harder to detect and respond to abnormal employee behaviour, which might signal malicious threat actor behaviour.
As a result of this lack of training, only 23% of employees are reporting incidents to IT, with a lack of knowledge paralysing employees into inactivity.
In addition, only 6% believe cyber security is the collective responsibility of the organisation (including themselves). This contrasts with most employees (54%) who believe cyber security is the responsibility of the IT team (the highest out of all the sectors surveyed). This indicates that employees are unaware of their own role in ensuring companywide cyber resilience, believing the IT team has it all under control.
This level of assurance could be leading to disengagement in training, backed up by the fact that only 36% of employees in this industry say they are ‘very engaged’ in cyber security training. This contrasts with the vast majority (76%) of cyber risk owners in Manufacturing who say their workers are engaged in cyber security training.
The research also found that 44% of cyber risk owners in Manufacturing rely on an outsourced SOC provider (the second highest of all sectors surveyed), yet the number of inbound cyber attacks against organisations in the sector is rising.
The rising adoption of AI, which is posing a real challenge for all sectors including Manufacturing, is having an impact. The sector has the highest employee usage of Open AI compared to all the sectors surveyed – with 37% of employees using it every day or at least once a week.
Even though 80% of cyber risk owners in Manufacturing are confident of the current AI policies in place at their organisation, over half (52%) of employees say that although they know that AI policies exist, they have no idea what they are.
The report reveals that this combination of the highest use of AI, coupled with employees’ lack of awareness of current AI policies in place, could result in large difficulties for effective Detection & Response within Manufacturing.
Rob Demain, Founder and CEO at e2e-assure, said:
“With so many employees disengaged in cyber security due to a lack of focus on training, despite a high proportion of workers witnessing colleagues breach best practice, it’s imperative that cyber risk owners implement training programmes that help people understand aspects of cyber security, such as the risks of AI, and the best practices for using legacy systems securely.
“Cyber risk owners must also seek to understand employees’ behaviour around AI usage and educate them about the risks. This will serve to embed the belief that cyber security is a collective responsibility, ultimately driving up cyber resilience.”
The findings show it’s vital for cyber risk owners to start looking at their resilience picture holistically, with four key recommendations emerging:
- Tailor training to engage employees
- Create a security awareness culture
- Use automation to reduce human error
- Have the right provider in place