Insight: Manufacturers see overall fall in cyber-related data breaches

Cyber-related security breaches affecting the manufacturing sector reduced by 10% in 2022 compared to the previous 12 months – however according to analysis of the latest Information Commissioner’s Office (ICO) data by Irwin Mitchell, the number of ransomware cases increased.

The ICO’s ‘Data Security Incidents Dashboard’ reveals that cyber incidents accounted for 70% of data breaches within the manufacturing sector in 2022. The independent regulator defines cyber as including malware, phishing and ransomware, says 141 cases were reported in 2022 compared to 155 in 2021.

Although the figure for last year was lower than the previous 12 months, analysis by Irwin Mitchell revealed that levels are still more than three times higher than in 2019, indicating a persistent challenge for manufacturers.

Graham Thomson, chief information security officer and cyber security expert at Irwin Mitchell, said: “Manufacturing businesses need to take urgent action to protect themselves and we urge organisations to review their security protocols and ensure they are up to date and can protect against the latest cyber threats.”

He says that manufacturers need to take care also when choosing their cyber security provider, adding that: “When evaluating a cybersecurity provider, security procurement teams should ask vendors about their experience, certifications, and track record. They should also inquire about the vendor’s approach to automated threat detection and response and their ability to customise solutions to fit the specific needs of the business. It’s also important to consider how cyber security providers fit in with the business’ incident response plans. Additionally, organisations should review their commitment to ongoing education and training for their staff to ensure they are up to date with the latest threats and techniques.”

Nationally and across all sectors in the UK there were 2,265 incidents reported to the ICO. This represents a 5% decrease from Q4 2021 when 2,395 incidents were reported. Unlike the manufacturing sector, most incidents reported in Q4 2022 were non-cyber incidents, making up 75% of the total. Non-cyber incidents decreased by 7% between Q4 2021 and Q4 2022, while cyber incidents increased by 1%.

The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO’s Data Security Incidents Dashboard presents data on the number of reports of personal data breaches received by the ICO.

Data security incidents occur when organisations do not have “appropriate technical or organisational measures” to protect the personal data they hold. This is a requirement of the UK General Data Protection Regulation (GDPR) under Principle (f): Integrity and confidentiality (security).

How Irwin Mitchell can help

Its multi-disciplinary team of trusted cyber security experts provide a cyber security audit service to small and medium businesses of any type and are supported by a team of lawyers who can advise on the related regulations and requirements, such as GDPR.

The Irwin Mitchell cyber security audit is an accessible and cost-effective way of understanding your key cyber-risks and mitigating them with straightforward, hard-hitting controls. Its specialists offer a comprehensive audit of the key hygiene factors within an organisation which aims to reduce up to 98% of cyber security risk.