Who is responsible for cybersecurity in manufacturing?

Cyber resilience has never been more important for manufacturers. Manufacturing consistently takes a top-ten place in rankings of industries most targeted by cyberattacks, and as digital transformation becomes more engrained in business practices and operations, the consequences of being compromised have morphed from inconvenience to undisputed disaster.
For cybersecurity to be effective in a manufacturing company, it needs to have an equally effective responsible “owner”. Yet, research suggests that uncertainty over who takes the lead on cybersecurity is widespread – inviting unnecessary risk into business.
The specialist-generalist split
Manufacturers are decidedly split on the matter of cybersecurity responsibility, and the specialist-generalist debate is heating up. A small majority of the industry is struggling to agree whether a board member should oversee cybersecurity (since it’s such a company-wide concern), or if a traditional “techie” would be better taking the reins.
The answer lies not in finding an elusive individual that’s equal parts business strategist and cybersecurity whizz, but whoever would be most successful at the job in reality. Every business is different – and this is especially true for the varied world of manufacturing. So, it makes sense to worry less about meeting a pre-defined criterion and more about finding out (maybe with the help of a specialist audit and advisory) what works for you.
Having worked with our fair share of manufacturers, we can tell you that cybersecurity isn’t the responsibility of one department and needs to be built into how a business operates. This makes it pretty difficult to pinpoint a single owner who can work diligently to prevent, detect and diffuse cyberattacks – not just talk, monitor and complete the occasional logbook.
Taking a multi-steward approach
It’s therefore our professional opinion that the ownership and delivery of cybersecurity must be approached from a multi-steward perspective. From IT and operations to finance and HR, a representative from every department should understand how their specific job either improves or increases risks in a cyber landscape.
Whether this is ensuring that everybody is adhering to policies and practicing good “cyber hygiene” or keeping up to date with the latest threats and software, each team needs a responsible owner who can best enact and oversee qualified recommendations.
Unless a manufacturer really does have a specialist-generalist within their ranks (don’t worry, this is most definitely the exception), we advise getting these “qualified recommendations” from a specialist third party – a cybersecurity consultant or IT managed service provider for example.
Effective next steps
A great way to start is by getting an IT audit, which will identity blind spots or risk areas that are making you vulnerable and provide tailored, insight-led advice on how to improve. An audit’s findings and recommendations will serve as an effective, structured blueprint for department cybersecurity owners to use when implementing and overseeing cybersecurity.
If you need help streamlining cybersecurity in your manufacturing business, please contact Sentis Managed Solutions on 0345 862 2930 or click here.