By Sean Peasley
The manufacturing industry is vulnerable. Nearly 50 percent of executives surveyed in a recent Cyber risk in advanced manufacturing [1] study, which Deloitte conducted in collaboration with MAPI, indicate they lack confidence that their company’s assets are protected from external threats. Additionally, 48 percent of cyber risk executives surveyed believe that, while senior management is committed to improving the company’s cyber-risk profile, obtaining adequate funding to support key cyber initiatives such as risk assessment, data protection, cyber threat monitoring, incident response planning, and employee awareness remains a significant challenge.
Traditional board reporting covers enterprise networks and business systems, but doesn’t often expand into broader areas of cyber risk related to innovation, industrial control systems and connected products. Only when the board and C-Suite clearly understand the company’s true cyber risk profile can they appropriately prioritize resource allocation in alignment with their risk tolerance.
Keys to engaging board and C-suite executives to improve cyber security initiatives
Establish a senior management-level committee with board member representation dedicated to the issue of cyber risk.
Ensure escalation criteria include board members. Review the cyber breach incident management framework and establish escalation criteria to include board members.
Share results of enterprise cyber risk assessments at the board level, including the potential impact on business outcomes in the areas of sensitive data protection, ICS, and connected products.
Establish a dashboard of key cyber risk indicators and trends to support continued dialogue around strategic investments designed to improve cyber maturity across the organization.
Share cyber security updates and awareness efforts with board members. Board updates should include results of broad employee awareness and resiliency efforts, including lessons learned from wargaming simulations and tabletop exercises. This should also include transparency on the most likely cyber risk events a company may experience, key mitigation and incident response strategies, and continuous improvement opportunities identified in these efforts.
Ask the right questions to ensure updates to the board are complete. When it comes to a board update, the following framework can help boards evaluate questions to ask to determine whether the scope of the update they are receiving is complete:
Ten questions boards should be asking
Only when the board and C-Suite understand the company’s true cyber risk profile can they appropriately prioritize resource allocation in alignment with their risk tolerance. Asking the right questions and establishing key engagement strategies at the board level will improve the awareness of security needs from the top down and help secure the best resource allocation and funding to address cyber security concerns and prioritize initiatives.
To get a more in-depth look at the findings, be sure to visit www.deloitte.com/us/cyber-risk-advanced-manufacturing, where you can download the full report, executive summary and infographic. And be on the lookout for an upcoming series of blog posts on the key themes identified in our study.
[1] Cyber risk in advanced manufacturing, Deloitte and MAPI, 2016