Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

Who’s Responsible for Cybersecurity in Industrial and Manufacturing Settings?

One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

The vast majority of industrial and manufacturing safety discussions center around physical dangers. Workplace hazards like falls and contact with machinery are still relevant and deserve attention, of course. The industrial world faces digital threats, as well. Cybersecurity must now play a role in every industrial company’s safety consideration.

By 2018, 60 percent of heavy industry companies experienced a data breach in their industrial control or supervisory control and data-acquisition systems. Since then, digitization has only increased and cybersecurity standards have yet to match new technology’s adoption rate. One of the most significant challenges in industrial cybersecurity is a lack of experience and clarity.

These technologies and the threats they bring are new to industrial and manufacturing businesses. Many do not have a dedicated IT department or a chief information officer (CIO). As such, it is often unclear who is responsible for ensuring these companies stay safe from cyber threats.

What Cyber Risks Do Industrial Businesses Face?

The first step in establishing a new security architecture is determining what risks these businesses face. Perhaps the most pressing is internet of things (IoT) vulnerabilities. Hackers can use facilities’ seemingly innocuous IoT devices as a gateway to their network, accessing more sensitive data.

As manufacturers and other heavy industry businesses collect more data, they become more valuable targets. Ransomware attacks can threaten to destroy mission-critical data or leak sensitive client information unless companies pay a hefty sum. Similarly, these industries’ reliance on digital technologies means any downtime could lead to significant disruptions and bottlenecks.

Since heavy industries are new to many digital technologies, breaches from human error are more likely. These companies and their employees may be more vulnerable to phishing or accidentally exposing sensitive information.

When businesses start to understand these risks, the path forward grows clearer.

Ensuring Industrial Companies Comply with Standards

Some cybersecurity standards already exist for heavy industries, most notably the Cybersecurity Maturity Model Certification (CMMC). While the CMMC is designed for Department of Defense (DoD) contractors, it can be a helpful guide for all industrial and manufacturing companies. The responsibility, therefore, falls upon company leadership to embrace these standards even when they do not legally have to.

Cybersecurity experts point out that the CMMC is necessary but not sufficient, so companies must also go beyond these standards. Steps to take after meeting these guidelines are less clear for heavy industries, so their executive leadership must evolve. These sectors would benefit from creating a CIO or chief security officer (CSO) position to guide company-specific actions.

Creating a permanent position devoted to cybersecurity gives companies the organization they need for effective cybersecurity. The CIO or CSO can ensure compliance with standards like the CMMC, approve new technology investments, design company security infrastructure and train other employees. Without executive leadership, these industries’ cybersecurity efforts risk being uncoordinated and insufficient.

Changing Industrial Cybersecurity Culture

While hiring a CIO or CSO is a necessary step, cybersecurity should not end in the boardroom. Given the day-to-day risks of human error and attacks that capitalize on them, industrial cybersecurity must be a company-wide effort. It starts with industry standards that an executive then interprets and plans around, but then the responsibility of implementation trickles down.

Not every worker needs to be a cybersecurity expert, but they should receive basic training. According to a Deloitte survey, four out of 10 top threats to industrial cybersecurity involve employees. Teaching workers about relevant cyber risks and how to avoid them is essential to preventing these threats.

Industrial companies should stress how cybersecurity is a company-wide responsibility. Holding regular training and refresher sessions can help ensure workers do not make potentially damaging mistakes. Workers already learn to avoid physical harm in industrial settings, and cybersecurity should become a part of that on-boarding process.

Cybersecurity is Everyone’s Responsibility

Industrial cybersecurity is so pressing, and there is a widespread concern in which the responsibility does not fall to one person. Rather, it should be a shared and organized effort, starting at the top of the company leadership and flowing down to every worker. Industrial and manufacturing businesses must create a culture of cybersecurity just as they have with physical safety.

Download Center

  • Hand Safety Program

    Hand injuries are the #1 preventable industrial accident worldwide. In REThinking Hand Safety, the most comprehensive book on hand safety, you'll learn how top companies have reduced hand injuries by up to 90% and what the most successful hand safety programs have in common. Get your free copy today!

  • Free 1-on-1 Consultations

    Is your company ready to reduce hand injuries? Schedule a free meeting with a Superior Glove hand safety expert and learn how to reduce hand injuries, lower PPE costs, and increase worker productivity. Our 1-on-1 consultations offer personalized advice and recommendations for your specific needs and concerns.

  • Glove 101 Guide

    Choosing the right safety gloves for your workers can be a daunting task. That’s where some basic knowledge of gloves can really come in handy! In this comprehensive guide you’ll find key information you need to know about safety gloves from types of gloves and materials to additives, treatments, safety standards, and more.

  • Sample Program

    Find the right safety gloves for your team and try before you buy—in just 3 easy steps! Simply add the products you want to try to your sample box, complete the sample request form, and wait for your samples to arrive at no cost to you.

  • Water Protection Product Guide

    Find the right safety gloves for your workers that are designed to protect in wet environments. From light and flexible to heavy duty, find the best water-resistant gloves with mechanical protection to safeguard workers.

  • Superior Glove

Featured Whitepaper

OH&S Digital Edition

  • OHS Magazine Digital Edition - November December 2022

    November December 2022

    Featuring:

    • IH: GAS DETECTION
      The Evolution of Gas Detection
    • OSHA TOP 10
      OSHA's Top 10 Most Frequently Cited Standards for FY 2022
    • FALL PROTECTION
      Enhance Your Fall Protection Program with Technology
    • 90TH ANNIVERSARY
      The Future: How Safety WIll Continue to Evolve
    View This Issue