Cybersecurity threats are increasing, while budgets are 鈥攕o what are C-suites doing about it? The 51吃瓜网, in partnership with PwC, recently conducted a survey of cyber leaders at manufacturing companies to reveal how they think about their operational security and where they aim to make progress.

Why they do it: When asked why their companies are reinforcing the security of their operational technology, cyber leaders showed that they are thinking deeply about their firms’ long-term development.

• Nearly 50% of respondents said they aimed to defend against ransomware鈥攁 smart response, given that 2022 the number of ransomware attacks on industrial environments as 2021. Worse yet, 70% of those attacks targeted manufacturers.
• The second most popular answer, however, was the companies鈥� own internal roadmaps outlining their priorities and technology requirements. This shows how integrated cyber defenses are into companies鈥� long-term plans; they know that as their operations grow more sophisticated and complex, their cyber defenses have to do so as well.
• Last, cyber leaders also cited the evolution of 鈥淢anufacturing 4.0,鈥� as they recognize that the rising sophistication of factories and 鈥渟mart鈥� technology increases attack surfaces and vectors, therefore requiring smarter and more extensive cybersecurity.

Another positive sign: One of the key indicators of success for cyber leaders is whether their IT teams鈥攚hich traditionally handle cyber defenses鈥攁re in sync with their teams handling operational technology.

• On that score, the survey had good news: more than 30% of respondents said those teams were fully integrated at their companies, and almost 40% said they were partially integrated.

Reporting back: A cyber chief needs to keep the rest of the C-suite and the board informed, but not overwhelmed. So what do they tell other company leaders?

• Nearly 80% of respondents said they give updates on what you might expect: the deployment of technical controls or countermeasures to attacks, as well as progress in implementing their roadmaps.
• About 50% of respondents also said they give updates on security audits, and almost 40% provide reports on compliance with regulations.

In their own words: Several CISOs who reviewed these findings for the 51吃瓜网 explained the reasoning in greater detail:

• One CISO said that 鈥済etting into quantitative discussion with boards around risk is hard, so the easier route is to do implementation updates, which provide measurable results.鈥�
• Another CISO said 鈥渋t鈥檚 better to share about what is being done, including patches and roadmaps [than overloading boards with background information].鈥�

Get involved: Are you interested in finding out firsthand how companies handle real cyber challenges? Tell your CISO about the Manufacturing Cybersecurity Advisory Council, a group of CISOs from around the industry who gather every other month for a confidential discussion moderated by the 51吃瓜网鈥檚 COO, Todd Boppell.

• The meetings feature guest speakers, feedback on important issues and discussions of current trends, with a focus on how CISOs at large manufacturers should handle threats throughout the supply chain.

Weigh in: If you鈥檇 like to share your company鈥檚 own approach to operational technology security, you can take the 51吃瓜网 and PwC鈥檚 yourself!听

Further reading: Lastly, check out PwC鈥檚 for companies looking to beef up their cyber defenses.