LevelBlue Research Finds Manufacturing Organizations are at Risk and Underprepared for Cyber Threats

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • As part of a larger global cross-industry study, LevelBlue surveyed executives in 220 manufacturing companies to gauge the state of their cyber resilience strategies in the era of AI-driven threats and other risks
  • Awareness is high but also so are concerns, with 37% saying they are seeing a significantly higher volume of attacks; just 30% said their organization is prepared for deepfake attacks, even as 47% are anticipating them

Threat actors are savvy when choosing their targets. Manufacturing holds a strong appeal to cyber criminals because the profit potential associated with intellectual property is high and, thanks in part to supply chain vulnerabilities, there are plenty of points of exposure. A recent LevelBlue survey of 220 manufacturing executives found that while awareness about the threat environment is high, preparedness, especially for AI-driven attacks, is not.

Only 32% of manufacturing executives are ready for AI-powered threats, even though 44% expect them to occur. On the supply chain front, 54% admitted to having a very low to moderate visibility into their supply chains. Just 26% said working with their software suppliers to vet their credentials will take precedence in the next year.

In spite of the fact that 28% of manufacturing executives say their organization suffered a breach in the past 12 months and more than one-third are expecting that attack volume to increase, 51% said they are highly or very highly competent to protect their enterprise against threat actors. Fifty-five percent gave themselves the same competence when it comes to implementing and using AI to enhance cybersecurity.

The contradiction between this high level of confidence in their own competencies and their preparedness for AI-driven and other types of attacks points to potential overoptimism that adversaries could easily exploit. But there are also signs that some of the traditional internal organizational cybersecurity challenges in manufacturing are being addressed. Sixty-eight percent described their cybersecurity team as being aligned with lines of business. Sixty-five percent those in leadership positions are assessed against cybersecurity KPIs, which is higher than the cross-vertical results (60%).

Seventy percent are engaged in end-user education on social engineering, again higher than the entire sample (62%). Manufacturing companies are also more willing to tap third-party security providers for security training and awareness than in the past. Thirty-eight percent said they will augment their own internal resources with external training support in the next two years versus the 30% that have engaged with a third-party in the last year.

Manufacturing organizations are investing in cybersecurity to prepare for emerging threats. Top priorities are machine learning for pattern matching (71%); cyber resilience processes across the organization (69%); GenAI to combat social engineering attacks (64%); application security (67%) and enhanced supply chain security (63%).

While investment is important, awareness, pragmatism, and solid policy execution are essential. Without these, there is no way for any enterprise to mount an effective defense against cyber adversaries.

Leave a Reply