The vast majority of manufacturing firms reportedly saw a significant increase in cyber incidents last year – and need to improve their security posture as IT/OT convergence accelerates, according to new research.
Around 80% of manufacturing firms surveyed by consultancy business Omdia reported an increase in security incidents, with 31% seeing a financial impact from the attacks.
The data comes as manufacturing firms continue to integrate IT into more of their operating equipment, with the tech executives, representing companies with at least 500 employees, reporting to the survey that OT/IT integration will increase by 20% over the next two years.
The report, produced for telco company Telstra, follows recent high-profile attacks on automotive company Kojima Industries and semiconductor equipment maker MKS Instruments among other manufacturers.
Manufacturers must address the risks of OT/IT convergence if they are to reap its benefits, Ganesh Narayanan, Global Head of Cyber Security for Telstra International, said.
“Organisations should prioritise IT/OT and IoT security across six core areas: Collaboration and planning, defining a strategy, bolstering technical expertise, assigning responsibility and accountability, leveraging the right tools, and expediting readiness with standards" – Ganesh Narayanan
See Also: Manufacturers are too vulnerable to cyber attacks: bigger steps are needed
The survey comes as ransomware continues to pose a major threat to manufacturers – with a separate study for cybersecurity company Sophos finding that 65% of manufacturers were hit last year.
Losses from ransomware incidents have also increased across all businesses, with cyber insurance provider Coalition reporting they had risen by more than two thirds in the first half of 2024.
For manufacturing firms, losses are particularly high for attacks at the highest level of their IT/OT stacks, said the Omdia report, with 43% of incidents at the planning/management level reported as having a severe or financial impact, compared to just 20% at the production process level.
The top heavy source of incidents further highlights the vulnerability of connecting IT systems with operational equipment if legacy systems are not properly protected first.
As a result of the threat of attacks related to IT/OT convergence to manufacturing and infrastructure services, an international consortium of national cyber security organisations published a “principles of operation technology cyber security” document last year.
Led by the Australian Cyber Security Centre, the principles sought to encourage best practice in the field and highlighted steps including the segmentation and segregation of OT from other networks.
