Manufacturing SMEs Must Take Cybersecurity Seriously
With manufacturing facing an unprecedented onslaught of cyberattacks, investment in manufacturers' cybersecurity has never been more important. But now there is one more reason – and a very personal one for directors: the growing risk of serious penalties and even jail time in cases of gross negligence. The Australian federal government has been ramping up privacy and cybersecurity rules in recent years, most recently with the Notifiable Data Breaches scheme and the Security of Critical Infrastructure Act. Harsh penalties cannot be dismissed as a problem just for big businesses. Companies with turnovers of $3 million or more can be subject to fines of up to $50 million for the business, with directors liable for up to $2.5 million, removal from the board, or even imprisonment for gross negligence leading to significant financial loss or damage to shareholder value.
Authorities are gearing up for enforcement, with ASIC Chairman Joe Longo telling The Australian Financial Review Cyber Summit in September 2023 that “cyber resilience has got to be a top priority.” “If things go wrong, ASIC will be looking for the right case where company directors and boards failed to take reasonable steps, or make reasonable investments proportionate to the risks that their business poses,” Mr. Longo said. “I can assure you that in the right case ASIC will commence proceedings if we have reason to believe those steps were not taken.”
Australian manufacturers and steel fabricators tend to focus on making things. But it is imperative that they also protect their data, because they are extremely susceptible to cybercrime.
According to IBM’s X-Force Threat Intelligence Report, manufacturing has the dubious honour of being the most-attacked industry by cybercriminals — for the third consecutive year. The report found that last year, manufacturers made up more than 25% of security incidents. Malware attacks, which include ransomware, were the most common. According to IBM’s report, security fundamentals such as patching, multi-factor authentication, or least-privilege principles can prevent 85% of incidents. But manufacturers are not always doing these things. This points to serious breaches in cybersecurity for the industry. The reason 34% of manufacturers and heavy steel fabrication companies pay a ransom? They cannot afford downtime.
In a marker of the urgency around cybersecurity, “Cybersecurity Strategies for SME Manufacturers” featured as the closing keynote at the Central Innovations inaugural Manufacturing Innovation Thought Leadership Conference in May.
Strategic Adviser to Corporate IT and manufacturing Shane Williams talked about how SME manufacturers can navigate the complexities of digital transformation and the imperative for robust cybersecurity measures. Topics such as resolving data issues, ensuring secure communication, and developing effective cybersecurity strategies were discussed, along with practical steps for safeguarding digital assets without requiring deep technical knowledge.
He gave the example of a cyberattack in which a phishing email reached the finance department of a pressure vessel manufacturer and an invoice was intercepted, resulting in payment to a different bank account. Once the client found out, they shut down their account. Because of a long-standing relationship, the company eventually recovered. “It took them two years to get back their market share from one incident that lasted for one day, for one invoice,” Mr. Williams said. “It’s not the $15,000 invoice that’s the problem or the $20,000 in forensic IT to fix it; it’s two years’ worth of lost revenue from your biggest customer and the reputational damage.”