Smart factory operators are well aware of the cyberthreats they face but acknowledge lack of readiness to defend against them. Credit: Elenabs / Getty Images Organizations operating smart factories largely agree that cybersecurity is a critical component to their operations. Many, however, are unprepared to deal with the growing number of cyberthreats against them, according to a report released last week by Capgemini, a provider of technology and digital transformation consulting services.The report, based on a survey of 950 organizations globally, finds that 80% agreed that cybersecurity is a critical component of a smart factory’s operations and while more than half (51%) acknowledge the number of cyberattacks will likely increase over the next 12 months, their current levels of preparedness are low.Many of the executives contacted for the survey say they will be unable to respond effectively to cyberattacks in their smart factories and manufacturing locations. What’s more, many organizations say their cybersecurity analysts are overwhelmed by the vast array of operational technology (OT) and industrial internet of things (IIoT) devices they must track to detect and prevent attempted intrusions. Given the recent exponential increase in the number of connected devices within smart factories, the report notes, this is a problem that will only grow, especially since the number of IIoT connections is expected to reach 37 billion by 2025.Heavy industry most exposed to riskCapgemini reports that cyberattacks on smart factories appear to be both pandemic- and recession-proof, with 73% of the organizations that had suffered a cyberattack did so in the last 12 months. Organizations in heavy industries were the most impacted by cyberattacks on their smart factories (58%), followed by pharmaceuticals and life science companies (44%). “Because the assembly line in heavy industries is so robust—you have more complex operating systems, more complex software, more patches applied on a regular basis—the risk profile is much more exposed in heavy industry,” explains Capgemini Americas Vice President of Cybersecurity Strategy Dave Cronin.For pharmaceuticals, Cronin continues: “They’re aware of the issues but are much more reluctant to spend because they’re not forced to spend. There are no laws or compliance requirements.” At the low end of the attack table were plants in the automotive (36%) and aerospace and defense industries (33%). One reason smart factory security in the auto industry is better than other verticals is that it’s been at it longer. “They got a head start on this five or 10 years ago,” Cronin says. What’s more, “With all the research and development that’s gone into automated and driverless driving, the safety impact of that is understood so they’ve been more proactive with their cybersecurity strategy. They realize the reputational damage that could be done if they messed something like that up.”Skills shortage, shadow IT present security challenges to smart factory operatorsMore than a quarter of the organizations impacted by cyberattacks (27%) say they’ve seen the infiltration of unsecured IIoT devices for use in DDoS campaigns increase by 20% since 2019. In a similar vein, nearly three in ten organizations (28%) saw a 20% increase in employees or vendors using infected devices to install or patch smart factory machinery.The report also identifies some key challenges to getting cybersecurity initiatives off the floor in smart factories. For example, skilled manpower is a problem. More than half of the outfits surveyed (57%) say the scarcity of smart factory cybersecurity talent is much more acute than that of IT cybersecurity talent.Shadow IT is another challenge raised by smart factory operators. Capgemini reports that more than three-quarters of the organizations surveyed are concerned about the regular use of non-standard smart factory-specific processes to repair or update OT and IIoT systems. In addition, more than half the organizations (51%) say that smart-factory cyberthreats primarily originate from partner and vendor networks.Despite the high level of unpreparedness, there is a reason for some optimism, Cronin maintains. “It’s not all doom and gloom,” he says. “There are some companies taking appropriate steps. However, as these factories get overhauled and redesigned, for those that don’t take a proactive approach and assume everything is going to be fine, there will be additional problems.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe