Better choices in the boardroom result in better performance on the factory floor. During these leadership planning meetings, the information evaluated and discussed focuses on digital strategies to promote productivity and address workforce constraints.
As we approach the fourth calendar quarter, many businesses have made significant changes to their plans. Some manufacturers are moving forward with expansion plans, while others focus on restoring financial health.
Leadership teams also need to be aware of the full financial impact of a data breach on their bottom line. Becoming engaged and mindful does not require executives to become technical experts. Although leadership teams acknowledge the need for diligence, that acknowledgment conflicts with their limited awareness and the lack of a strategy for avoiding or addressing future loss events.
Data breach factors that impact your bottom line are not limited to revenue loss, damage to reputation, or loss of Intellectual Property. Unbudgeted expenses, such as fines, legal fees, public relations, and investigations, increase future insurance premiums. Loss prevention decisions for leadership will be pivotal, as demands for growth and protection compete for resources.
What is cyber security?
Cyber security in business is the intentional effort to understand, manage, and reduce cyber security risk by protecting your networks, systems, data, and personnel. More significant disruption events throughout supply chains are making cyber security less voluntary. Customers are increasing contract mandates for data security and the penalties levied for data breaches.
When executives review these contractual mandates, there is often confusion about the actual security requirements. When a member of senior management makes a statement such as “make us secure,” that broad statement is equivalent to “take us North.” Both statements leave the same questions unanswered: what is the destination, and how far do we want to go?
Each company’s journey is different, so navigation with a strategy is imperative. The basics of your cyber security plan should include five core requirements.
1. Identify: Maintain an active inventory of all equipment, software, and data in use. Define roles for people accessing data, plan measurable steps to protect against attacks, and limit the damage if one occurs.
2. Protect: Control who accesses the network and who uses computers and devices, verify backups, regularly maintain security patches and updates, and control which people access data.
3. Detect: Monitor systems for unauthorized access and investigate unusual activity.
4. Respond: Have a notification plan for stakeholders and law enforcement, investigate and contain the attack, and then adjust policies and procedures based on lessons learned.
5. Recover: After the attack, repair and restore functionality and update stakeholders on recovery activities.
Why is cyber security important?
Many organizations focus budgets on initiatives that increase revenue while limiting funding for cyber security. Due to the Coronavirus pandemic, businesses worldwide funded virtual collaboration, work from home, and cloud adoption projects. Some companies invested in laptops, virtual private networks (VPNs), virtual desktops (VDI), and human resource systems.
The deployment of these new technologies has left less budget to secure and monitor the new workflows. The rapid deployment of new technologies is causing a new set of problems since access methods have changed and are no longer as reliable or secure.
As noted in greater detail later in this article, the number of security incidents, as well as financial losses, continues to increase yearly. Based on news reports, you might expect a 20% or 30% increase. Chubb, one of the largest cyber policy insurers, cited the following claims growth details, across all industries, for the current year 2020:
- Hacking Claim Growth: 451%
- Malware Claim Growth: 507%
- Misuse Claim Growth: 150%
- Error Claim Growth: 268%
There is an obvious problem with this level of reported incidents leading to claims. Yes, we realize that some leadership teams have a mindset challenge to overcome. However, this level of claims growth speaks to a more systemic problem. Based on our conversations with many intelligent leaders, there is a general lack of awareness.
Why is information security a management problem?
As part of the digital integration initiatives, manufacturers should include information security to manage and protect their sensitive information. Sensitive information such as sensitive R&D data, proprietary product data, customer information, employee personal information, and Controlled Unclassified Information (CUI) has always been the focus of information security.
Still, hackers have new attack motives, often interrupting business operations by encrypting data or preventing users from accessing their systems. The hackers then request a payment, called a ransom, to return data access to the business. This exposure makes role-based access, access controls, layered security, backup security and integrity, data retention, and data destruction actively managed processes.
While having a sense of cyber security throughout the organization is essential, allocating security resources to where they matter most is necessary. Prioritize security resources toward mission-critical services and activities. Businesses should also not focus on addressing a single problem with an individual solution when prioritizing security resources. Companies should use multiple technologies that address various issues, even ones that one technology may already handle.
Do I need cyber security if I have cyber insurance?
With threats and awareness gaps growing daily, it’s no wonder companies are quickly paying premiums for cyber insurance. Exposure increases the probability of claims, so your policy hedges against the potential losses from the catastrophic effects of cyberattacks.
Insurance companies are adjusting prerequisites for standalone cyber and package policies in response to claim loss ratios. The cyber insurance market is changing in response to many companies experiencing denied cyber claims. Some renew policies at a multiple of last year’s policy expense, while others are denied a policy renewal.
These trends are clear indications that insurers underestimated many companies’ cyber exposure. They now require companies to certify that stronger security protections are in place as a condition of coverage. What happens when you misunderstand your insurer’s requirements for the cyber policy and misreport your readiness for insurance coverage? Misunderstandings are one of the increasing reasons for denied claims.
How do cyber security services help my business?
Organizations of all sizes, in every industry, are impacted by cyberattacks. The good news is that continuous security steps will prevent future breaches. That’s why preemptive programs are so critical to avoiding massive problems and disruptions down the road.
Cyber security is not a one-and-done checklist item. Similarly, delegating cyber security tasks does not absolve your responsibilities to the corporation, stakeholders, and customers.
While evaluating, buying, and implementing cyber security technologies, influential leaders will review how the proposed solution best fits their needs. Before purchasing, executives first consider the needs of the business, the budget, and the resolutions the product offers.
Most of the danger lies in what you don’t know; that is what will likely hurt you. After all, we don’t know what we don’t know.
Many vendors will say that their service or product meets all of your needs. The reality is that this is frequently not the case. The lack of mutual understanding is causing pain for business owners and executives who unknowingly squander resources. The lack of oversight is impacting manufacturers and the economy.
Repeatedly, IT service providers and managed service providers (MSPs) fail in their commitments to serve and protect. These low-quality IT services may address your helpdesk needs but fail to deliver the loss prevention services needed to protect your business and reputation.
How can I secure my business from cyber attacks?
Uninterrupted revenue-generating operation is the goal. Our process allows you to prioritize the cyber threats that impact your business the most. We safeguard your critical assets from malicious exploitation. As you establish a culture of resilient cyber security, you define your tolerance for loss from cyber exposure and shape the outcomes in line with the business goals.
Through a combination of training your staff, implementing network, computer, and data security, and improving accountability through oversight with Inspectionem, you can maximize the effectiveness of your security investments.
Cyber security throughout supply chains has transformed from a department issue to a business-level problem. Manufacturers expanded the implementation of automation within their operations, and new possibilities exist for hackers to attack their systems. With many automation tools allowing access and control to Internet-connected devices, attackers focus their attacks on these devices due to ease of access and the potential for business interruption.
There are no easy buttons to press, but a more straightforward approach remains. With many organizations still leveraging work from home (WFH), virtual collaboration, and various cloud applications, companies will find ways for employees to continue their revenue-generating activities. While it is up to the IT department to deliver remote capabilities, it is up to the leadership team to help them ensure that the access and workflows are safe.
Leadership gains awareness through facts
Developing awareness is a crucial first step in effective leadership because it lays the foundation to build intelligence and capability. The more committed leadership is to creating digital trust, the more effective it is in executing strategies and influencing others. Let’s look at detailed manufacturing claims data offered by Chubb to increase our awareness and shared knowledge.
As noted above, Chubb cited the following claim growth details, across all industries, for the current year:
- Hacking Claim Growth: 451%
- Malware Claim Growth: 507%
- Misuse Claim Growth: 150%
- Error Claim Growth: 268%
According to Chubb, through the first eight months of 2020, USA manufacturers experienced:
Manufacturers Under $25M
- Actions causing cyber incidents:
  - 53% were social
  - 35% were malware
  - 12% were errors
- Actors causing cyber incidents:
  - 82% were external
  - 12% were internal
  - 6% were partners
Manufacturers $25.1 to $150M
- Actions causing cyber incidents:
  - 45% were social
  - 39% were malware
  - 10% were hacking
  - 3% were misuse
  - 3% were errors
- Actors causing cyber incidents:
  - 87% were external
  - 6% were internal
  - 6% were partners
Manufacturers $151 to $500M
- Actions causing cyber incidents:
  - 43% were social
  - 35% were malware
  - 17% were hacking
  - 4% were errors
- Actors causing cyber incidents:
  - 91% were external
  - 4% were internal
  - 4% were partners
Manufacturers over $501M
- Actions causing cyber incidents:
  - 29% were social
  - 29% were malware
  - 29% were hacking
  - 14% were errors
- Actors causing cyber incidents:
  - 86% were external
  - 14% were internal
Things have changed. Cyber security responsibilities have moved beyond the IT department and into every board meeting throughout the United States and worldwide.
As a proud supporter of American companies, Certitude Security® is working diligently to inform leaders and facilitate essential asset protection priorities for manufacturers and supply chains throughout the United States.
Problem discussions can be a defining moment in your career. If you are interested in value creation, learn about SPOT-Beam™ by Certitude Security®. We look forward to helping you and your business succeed!