17�Թ�����

Cybersecurity threats are increasing, while budgets are —so what are C-suites doing about it? The 17�Թ�����, in partnership with PwC, recently conducted a survey of cyber leaders at manufacturing companies to reveal how they think about their operational security and where they aim to make progress.

Why they do it: When asked why their companies are reinforcing the security of their operational technology, cyber leaders showed that they are thinking deeply about their firms’ long-term development.

• Nearly 50% of respondents said they aimed to defend against ransomware—a smart response, given that 2022 the number of ransomware attacks on industrial environments as 2021. Worse yet, 70% of those attacks targeted manufacturers.
• The second most popular answer, however, was the companies’ own internal roadmaps outlining their priorities and technology requirements. This shows how integrated cyber defenses are into companies’ long-term plans; they know that as their operations grow more sophisticated and complex, their cyber defenses have to do so as well.
• Last, cyber leaders also cited the evolution of “Manufacturing 4.0,” as they recognize that the rising sophistication of factories and “smart” technology increases attack surfaces and vectors, therefore requiring smarter and more extensive cybersecurity.

Another positive sign: One of the key indicators of success for cyber leaders is whether their IT teams—which traditionally handle cyber defenses—are in sync with their teams handling operational technology.

• On that score, the survey had good news: more than 30% of respondents said those teams were fully integrated at their companies, and almost 40% said they were partially integrated.

Reporting back: A cyber chief needs to keep the rest of the C-suite and the board informed, but not overwhelmed. So what do they tell other company leaders?

• Nearly 80% of respondents said they give updates on what you might expect: the deployment of technical controls or countermeasures to attacks, as well as progress in implementing their roadmaps.
• About 50% of respondents also said they give updates on security audits, and almost 40% provide reports on compliance with regulations.

In their own words: Several CISOs who reviewed these findings for the 17�Թ����� explained the reasoning in greater detail:

• One CISO said that “getting into quantitative discussion with boards around risk is hard, so the easier route is to do implementation updates, which provide measurable results.”
• Another CISO said “it’s better to share about what is being done, including patches and roadmaps [than overloading boards with background information].”

Get involved: Are you interested in finding out firsthand how companies handle real cyber challenges? Tell your CISO about the Manufacturing Cybersecurity Advisory Council, a group of CISOs from around the industry who gather every other month for a confidential discussion moderated by the 17�Թ�����’s COO, Todd Boppell.

• The meetings feature guest speakers, feedback on important issues and discussions of current trends, with a focus on how CISOs at large manufacturers should handle threats throughout the supply chain.

Weigh in: If you’d like to share your company’s own approach to operational technology security, you can take the 17�Թ����� and PwC’s yourself!��

Further reading: Lastly, check out PwC’s for companies looking to beef up their cyber defenses.