A blog by CeeD MD Joe Pacitti.
The manufacturing sector is undergoing a digital transformation globally. A vital contributor to the economy in the UK, the manufacturing sector here too is undergoing a digital revolution. With the integration of Information Technology (IT) and Operational Technology (OT) alongside advancements in Artificial Intelligence (AI) and digitalisation it has unlocked unprecedented efficiencies.
However, this convergence has also expanded the attack surface for cyber threats, making cybersecurity and resilience critical priorities.
Cost of Cyberattacks
The manufacturing sector has become a prime target for cybercriminals globally, surpassing most other industries. In 2024, manufacturing accounted for 25% of all cyberattacks in the UK, with ransomware being a significant threat. The average cost of a ransomware attack in the sector was £1.5 million, including downtime and recovery expenses. These attacks not only disrupt operations but also erode customer trust and damage reputations.
Sensitive data is compromised and stakeholder confidence eroded, not to mention the financial and operational impacts, all of which underscores the urgent need for robust cybersecurity measures.
The Role of AI and Digitalisation
AI and digitalisation are transforming UK manufacturing, enhancing productivity through predictive maintenance, quality control and supply chain optimisation. However, these technologies also introduce new vulnerabilities. AI systems can be exploited by cybercriminals to bypass traditional security measures, while the increased connectivity of digitalised operations expands the points and places for attack.
How do we ensure the race for productivity with the adoption of more data driven digital technology and new advancements in powerful AI tools does not create this increase in cyber insecurity?
Building Resilience: Strategies for UK Manufacturers (and globally!)
To address these challenges, manufacturers must adopt a proactive approach to cybersecurity – segment the network and isolate IT and OT systems to limit the spread of cyber threats.
- Regular Updates: Implement a structured patch management process, balancing security needs with production schedules.
- AI Security: Develop robust security protocols for AI systems, including regular audits and threat simulations.
- Employee Training: Educate staff on cybersecurity best practices and the risks associated with digitalisation.
- Incident Response Planning: Establish and test response plans to minimise downtime and recovery costs.
These key points are not new or unexpected guidance on what is good or indeed best practice. However, the part that may be new is to create trusted forums and ways for organisations to share and work together practically, in a thematic area that has felt a little difficult to do openly for fear of increasing the risk of cyber attacks.
In Summary
As the UK manufacturing sector embraces digitalisation and AI, the interplay between IT and OT will become increasingly complex. By addressing the unique challenges of legacy systems and adopting comprehensive cybersecurity strategies, manufacturers can safeguard their operations and build resilience against evolving threats. The path forward demands collaboration, innovation, and a commitment to security, ensuring that the sector remains a cornerstone of the UK economy.
Although the majority of commentary is focused on the cyber threats, challenges and the need for manufacturing and engineering to be ever more vigilant, there is some good news.
That is, there are great examples of good practice in place and the shoots of the sharing of those good practice approaches amongst peers in the sector. CeeD’s engagement with our members and partners show we are already willing to highlight the challenges and share these but also address the challenges.
There is some way to go – but if the journey we are witnessing continues, we can see that with the right amount of best practice sharing from the private sector aligned to guidance and support from policy and funding elements from Government, we will continue to improve.
Successful Cyber Project
CeeD, supported by the Scottish Government CyberScotland team, have just been running an intensive time-focused programme, the important part of best practice sharing. We know it works.
We have more to do, and perhaps the realisation that it will always be a case of more to do, highlights a strong need to continue to provide this open dialogue sharing model. The very nature of the sensitivity makes me believe that it can only be managed through a trusted community of practice such as CeeD. Not a series of initiative driven approaches or just a simple bit of networking, BUT the powerful acceleration from a Community of Practice approach.
Other sectors will find their own ways and champions, but we are proud our sector and community has leaned in on this journey and appears strongly committed to keep going at it, yes to improve their own organisation but also to help their peers.
I started my thinking at the outset of the programme that there could be this aspiration for ‘Scotland to be the most cyber secure manufacturing supply chain in the world’. Maybe a stretch goal, but all of the wins from the sharing on the journey to that goal may be enough to keep us ahead of the curve.
By being ahead of the curve, that competitive advantage for our existing company base to trade globally in a global supply chain and indeed create a powerful attractor for more investment from overseas companies. The investment challenges for growth are again a subject of an article on their own, however maybe through a cyber secure approach, this is one of the key instruments to increase our investment in our manufacturing base with modern advance technologies and just grow the base with new overseas players locating in Scotland.
I have had a good chunk of my working life legacy supporting inward investment attraction, retention and growth and it seems I am still involved in doing things in this space!
We hear so much about tariffs and potential barriers to trade affecting the supply chain. but it strikes me that unlocking the challenges of a cyber secure manufacturing supply chain may stand some of these current arrangements on their head.
The integration of Tech (although many know I believe this should not just be for the data driven coding community) into sectors such as manufacturing and engineering, when it works it is definitely a positive productivity boost. I think there is a lot of talk and a lot of focus including funding in the tech sector – maybe not all of it will have the impact we hope.
My thoughts turn to the ability for those tech companies developing cyber solutions for other sectors such as financial services having an ability to diversify and pivot to supporting sectors such as manufacturing and engineering, including the highly essential utility sector.
We have opened up our convening activities to encourage early-stage companies and relevant Tech companies to mix it up with our sector – so again I do feel this is another opportunity to create those sparks of opportunity that if they are fanned correctly give us those ‘ahead of the curve’ positions.