UK manufacturers “woefully unprepared” against cyberattack

More than half of manufacturers have been the victim of cybercrime, and a third of those have suffered some financial loss or disruption to business as a result, according to a major new report.

The manufacturing sector is the fifth most targeted for cyberattack in 2019, behind government systems and finance. Worryingly, however, industrial businesses remain among the least protected against cybercrime in Britain.


Investment in the latest digital technologies is also being hampered, with many companies holding back from implementing the latest innovations for fear of increased exposure to cyberattack.


The new report – Cyber-Security and Manufacturing – A Briefing for Manufacturerspublished by Make UK – reveals the full extent of the threat from loss of data and theft of capital and intellectual property (IP), to disruption to business and the catastrophic impact on a business’ trading reputation.

Alarmingly, all expert opinion points to the fact that many more attacks will have gone undetected, with businesses woefully unprepared to protect themselves against this ever-growing threat or to detect a breach after the event.

Cyberthreat is increasingly a business-critical issue, with 41% of manufacturers reporting that they have already been asked by a customer to demonstrate or guarantee the robustness of their cybersecurity processes.

Yet, when asked if they would be able to do this successfully, almost a third (31%) of businesses said they would be unable to give those guarantees of cybersafety if asked.

Real-world case study

In March 2019, a cyberattack brought a Norwegian aluminium producer to a standstill.

The incident occurred in March when one of the world’s largest aluminium producer NC Hydro was forced to switch to manual operation when their digital systems were infiltrated, and they became subject to a severe ransomware attack.

In the end, they had to halt production completely while the virus was isolated.

Some factories were forced to use printed order lists as they could not access data digitally and it’s believed that a ransomware virus known as ‘LockerGoga’ was used which encrypts data and then demands a ransom to decrypt the files.

The cost to the business is estimated to be NOK350m (£32m GDP).

Investment in the latest digital technologies is also being hampered, with many companies holding back from implementing the latest innovations for fear of increased exposure to cyberattack.

Encouragingly, most manufacturers told Make UK that they are employing one or more forms of tool or technology to prevent or protect themselves against cyberattack:

Encouragingly, most UK manufacturers told Make UK that they are employing one or more forms of tool or technology to prevent or protect themselves against cyberattack


Some 35% of businesses admitted they are currently not fully investing in new digital processes even when not doing so will leave them unable to compete in an ever-changing and developing global marketplace.

Stephen Phipson, CEO of Make UK, commented: ““No business can afford to ignore this issue any longer and too many are still burying their heads in the sand. This is a strategic threat; failing to get this right as a nation could cost the UK economy billions of pounds and put thousands of jobs at risk.”

Basic cybersecurity risk management principles – care of Make UK and the National Cyber Security Centre (NCSC):

Step 1 – Back up your data

Regular and routine backing up of important data ensures that it can be restored in the event of system corruption.

Step 2 – Protect your organisation from malware

Malicious software (also known as ‘malware’) can harm an organisation by infecting legitimate software, stealing data and corrupting systems.

Step 3 – Keep your smart devices safe

Mobile technology means that more of our data is being stored away from the security of the office, with a commensurate increase in risk to the data contained within.

Step 4 – Use passwords to protect your data

Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised users accessing your devices.

Step 5 – Avoid phishing attacks

Phishing emails rely on human fallibility and are getting harder to spot, and some will still get past even the most observant users.