Ransomware Attacks Continue To The Rise In The Sector

Cyber-related security breaches affecting the manufacturing sector reduced by 10% in 2022 compared to the previous 12 months - however according to analysis of the latest Information Commissioner’s Office (ICO) data by Irwin Mitchel, the number of ransomware cases increased.

The ICO’s ‘Data Security Incidents Dashboard’ reveals that cyber incidents accounted for 70% of data breaches within the manufacturing sector in 2022. The independent regulator defines cyber as including malware, phishing and ransomware, says 141 cases were reported in 2022 compared to 155 in 2021.

Although the figure for last year was lower than the previous 12 months, analysis by Irwin Mitchell revealed that levels are still more than three times higher than in 2019, indicating a persistent challenge for manufacturers.

Expert Opinion

“Manufacturing businesses need to take urgent action to protect themselves and we urge organisations to review their security protocols and ensure they are up to date and can protect against the latest cyber threats.

“When evaluating a cybersecurity provider, security procurement teams should ask vendors about their experience, certifications, and track record. They should also inquire about the vendor's approach to automated threat detection and response and their ability to customise solutions to fit the specific needs of the business. Also consider how cyber security providers fits in with the business’ incident response plans. Additionally, businesses should review their commitment to ongoing education and training for their staff to ensure they are up to date with the latest threats and techniques.” Graham Thomson, chief information security officer and cyber security expert at Irwin Mitchell

Nationally and across all sectors in the UK there were 2,265 incidents reported to the ICO. This represents a 5% decrease from Q4 2021 when 2,395 incidents were reported. Unlike the manufacturing sector, most incidents reported in Q4 2022 were non-cyber incidents, making up 75% of the total. Non-cyber incidents decreased by 7% between Q4 2021 and Q4 2022, while cyber incidents increased by 1%.

The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO’s Data Security Incidents Dashboard presents data on the number of reports of personal data breaches received by the ICO.

Data security incidents occur when organisations do not have “appropriate technical or organisational measures” to protect the personal data they hold. This is a requirement of the UK General Data Protection Regulation (GDPR) under Principle (f): Integrity and confidentiality (security).