Better choices in the board room result in better performance on the factory floor. The information evaluated and discussed during these leadership planning meetings continues to focus on digital strategies to promote productivity and address workforce constraints. As we approach the fourth calendar quarter, many businesses have made significant changes to their plans. Some manufacturers are moving forward with expansion plans, while others are focused on restoring financial health.

Leadership teams also need to be aware of the full financial impact that a data breach can have on their bottom line. Becoming engaged and mindful does not require executives to become technical experts. The acknowledgment for diligence, conflicts with the limited awareness, and the lack of strategy for how to avoid or address future loss events.

Data breach factors that impact your bottom line are not limited to revenue loss, damage to reputation, or loss of Intellectual Property. Unbudgeted expenses, such as fines, legal fees, public relations, and investigations, increase in future insurance premiums. Loss prevention decisions for leadership will be pivotal, as demands for growth and protection compete for resources.

What is cyber security?

Cyber security in business is the intentional effort to understand, manage, and reduce cyber security risk through the protection of your networks, systems, data, and personnel. More significant disruption events throughout supply chains are making cyber security less voluntary. Customers are increasing contract mandates for data security, and the penalties levied for data breaches.

When executives review these contractual mandates, there is often confusion about the actual security requirements. When a member of senior management makes a statement such as “make us secure,” that broad statement is equivalent to “take us North.” The answer to both questions is, what is your destination and how far do we want to go?

The journey is different for each company, which is why navigation with a strategy is imperative. The basics of your cyber security plan should include five core requirements.

1. Identify: Maintain an active inventory of all equipment, software, and data in use. Define roles for people accessing data, plan measurable steps to protect against attacks, and limit the damage if one occurs.

2. Protect: Control who accesses the network, uses computers and devices, verifies backups, regularly maintains security patches and updates, and the people accessing data.

3. Detect: Monitor systems for unauthorized access and investigate unusual activity.

4. Respond: Have a notification plan for stakeholders and law enforcement, investigating and containing the attack, and then adjust policies and procedures based upon lessons learned.

5. Recover: After the attack, repair and restore functionality and update stakeholders on recovery activities

Why is cyber security important?

Many organizations focus budget toward initiatives that increase revenue while limiting funding for cyber security. Due to the Coronavirus pandemic, businesses worldwide funded virtual collaboration, work from home, and cloud adoption projects. Some companies invested in more laptops, virtual private networks (VPNs), virtual desktops (VDI), and human resource systems.

The deployment of these new technologies has left less budget to secure and monitor the new workflows. The rapid deployment of new technologies is causing a new set of problems since access methods have changed and are no longer as reliable or secure.

As noted in greater detail later in this article, the number of security incidents continue to increase every year, as well as the financial losses. Based on news reports, you might expect a 20% or 30% increase. Chubb, one of the largest cyber policy insurers, cited the following claims growth details, across all industries, for the current year 2020:

  • Hacking Claim Growth: 451%
  • Malware Claim Growth: 507%
  • Misuse Claim Growth: 150%
  • Error Claim Growth: 268%

With this level of reported incidents leading to claims, there is an obvious problem. Yes, we realize that some leadership teams have a mindset challenge to overcome. However, this level of claims growth speaks to a more systemic problem. Based on our conversations with many intelligent leaders, there is a general lack of awareness.

Hacker attempts to breach a company's cyber defensesCyber criminals continuously develop new hacking and infiltration techniques to get around enterprise security.

Why is information security a management problem

As part of the digital integration initiatives, manufacturers should include information security to manage and protect their sensitive information. Sensitive information such as R&D sensitive data, proprietary product data, customer information, employee personal information, and Controlled Unclassified Information (CUI) has always been the focus of information security.

Still, hackers have new attack motives, often taking the direction of interrupting business operations by encrypting data or preventing users from accessing their systems. The hackers then request a payment, called a ransom, to return data access to the business. This exposure makes role-based access, access controls, layered security, backup security and integrity, data retention, and data destruction actively managed processes.

While having a sense of cyber security throughout the entire organization is essential, allocating the security resources to where it matters most is a necessity. Prioritize security resources towards mission-critical services and activities. When prioritizing security resources, businesses should also not focus on addressing a single problem with an individual solution. Companies should use multiple technologies that address various issues, even issues that one technology may already handle on its own.

Do I need cyber security if I have cyber insurance?

With threats and awareness gaps growing daily, it’s no wonder companies are quickly paying premiums for cyber insurance. Increased exposure makes the probability of claims higher, so your policy hedges against the potential losses from the catastrophic effects of cyberattacks.

Insurance companies are adjusting prerequisites for standalone cyber and package policies in response to loss ratios for claims. The cyber insurance market is changing in response to an increasing number of companies are experiencing denied cyber claims. Some are renewing policies at a multiple of last year’s policy expense, while others are denied a policy renewal.

These trends are clear indications that insurers underestimated many companies’ cyber exposure. They now require companies to certify that stronger security protections are in place as a condition of coverage. What happens when you misunderstand the requirements of your insurer for the cyber policy and misreport your readiness for insurance coverage? Misunderstandings are one of the increasing reasons for denied claims.

How do cyber security services help my business?

Organizations of all sizes, in every industry, are impacted by cyberattacks. The good news is that continuous security steps will continue to prevent future breaches. That’s why preemptive programs are so critical to avoiding massive problems and disruption down the road.

Cyber security is not a one and done checklist item. Similarly, delegating cyber security tasks does not absolve your responsibilities to the corporation, stakeholders, and customers.

While evaluating, buying, and implementing cyber security technologies, effective leaders will review how the proposed solution best fits their needs. Reviewing the needs of the business, the budget, and the resolutions the product offers are the first thoughts executives think about before purchasing. Most of the danger lies in the fact that what you don’t know will likely hurt you. After all, we don’t know what we don’t know.

Many vendors will say that their service or product meets all of your needs. The reality is that this is frequently not the case. The lack of mutual understanding is causing pain for business owners and executives who unknowingly squander resources. The lack of oversight is impacting manufacturers and the economy.

Repeatedly, IT service providers and managed service providers (MSPs) fail in their commitments to serve and protect. These low-quality IT services may address your helpdesk needs, but fall short of delivering the loss prevention services needed to protect your business and reputation.

How can I secure my business from cyber attacks?

Uninterrupted revenue-generating operation is the goal. Our process allows you to prioritize the cyber threats that impact your business the most. We safeguard your critical assets from malicious exploitation. As you establish a culture of resilient cyber security, you define your tolerance for loss from cyber exposure and shape the outcomes that are in line with the business goals.

Through a combination of training your staff, implementing network, computer, and data security, and improving accountability through oversight with Inspectionem, you can maximize the effectiveness of your security investments.

Cyber security throughout supply chains has transformed from a department issue to a business-level problem. Manufacturers expanded the implementation of automation within their operations, and now new possibilities for hackers to attack their systems exist. With many forms of automation tools allowing access and control to Internet-connected devices, attackers focus their attacks on these devices due to ease of access and potential for business interruption.

There are no easy buttons to press, but there remains a more straightforward approach. With many organizations still leveraging work from home (WFH), virtual collaboration, and various cloud applications, companies will find ways for employees to continue their revenue-generating activities. While it is up to the IT department to deliver remote capabilities, it is up to the leadership team to help them ensure that the access and workflows are safe.

Digital lockCreating strong cyber security policies requires input from IT leaders, C-suite executives, and security partners.

Leadership gains awareness through facts

Developing awareness is a crucial first step in effective leadership because it lays the foundation upon which you build intelligence and capability. The more committed leadership is to developing digital trust, the more effective they are in executing strategies and influencing others. Let’s look at detailed manufacturing claims data offered by Chubb to increase our awareness and shared knowledge.

As noted above, Chubb cited the following claim growth details, across all industries, for the current year:

  • Hacking Claim Growth: 451%
  • Malware Claim Growth: 507%
  • Misuse Claim Growth: 150%
  • Error Claim Growth: 268%

According to Chubb, through the first eight months of 2020, USA manufacturers experienced:

Manufacturers Under $25M

  • Actions causing cyber incidents:
  • 53% were social
  • 35% were malware
  • 12% were errors
  • Actors causing cyber incidents:
  • 82% were external
  • 12% were internal
  • 6% were partners

Manufacturers $25.1 to $150M

  • Actions causing cyber incidents:
  • 45% were social
  • 39% were malware
  • 10% were hacking
  • 3% were misuse
  • 3% was errors
  • Actors causing cyber incidents:
  • 87% were external
  • 6% were internal
  • 6% were partners

Manufacturers $151 to $500M

  • Actions causing cyber incidents:
  • 43% were social
  • 35% were malware
  • 17% were hacking
  • 4% were errors
  • Actors causing cyber incidents:
  • 91% were external
  • 4% were internal
  • 4% were partners

Manufacturers over $501M

  • Actions causing cyber incidents:
  • 29% were social
  • 29% were malware
  • 29% were hacking
  • 14% were errors
  • Actors causing cyber incidents:
  • 86% were external
  • 14% were internal

Things have changed. Cyber security responsibilities have moved beyond the IT department and into every board meeting throughout the United States and around the world. As a proud supporter of American manufacturing, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturing businesses throughout the United States. If you are interested in learning about the empowerment services that Certitude Security® can offer, visit our website or coordinate a time to speak to a team member today.