This year’s State of Information Security Report divulged the myriad challenges and opportunities that security leaders faced over the last 12 months. From supply chain management to addressing AI risk, the changing cyber threat landscape is forcing businesses to reassess and realign security priorities.

Our respondents included over 160 security professionals working in the manufacturing and utilities industry across the US and the UK. Their responses shed light on the core information security threats the industry faces, the actions leaders have taken to address cyber challenges, and their priorities for building digital resilience over the next 12 months.

Discover the top 11 information security statistics every manufacturing and utilities leader should know.

Key Information Security Statistics for the Manufacturing and Utilities Industry

Sophisticated Cyber Threats

  1. The rise of “as-a-Service” cyber threats (e.g. Ransomware-as-a-Service, Phishing-as-a-Service) is the top information security challenge (46%) for manufacturing and utilities organisations.
  2. AI phishing and AI-generated misinformation and disinformation are the top emerging threat concerns for manufacturing and utilities organisations (40%).
  3. 40% of manufacturing and utilities businesses experienced phishing/vishing incidents in the last 12 months.

Organisational Challenges

  1. 36% of manufacturing and utilities organisations say employees have used GenAI without organisational permission or guidance.
  2. 43% of manufacturing and utilities organisations say they adopted AI technology too quickly and are now facing challenges in scaling it back or implementing it more responsibly.

Supply Chain

  1. 46% of manufacturing and utilities organisations have been impacted because of a cybersecurity or information security incident caused by a third-party vendor or supply chain partner in the last 12 months.
  2. 40% of manufacturing and utilities organisations require suppliers to be ISO 27001 certified; the same percentage require suppliers to be GDPR compliant.

Information Security Priorities

  1. 90% of manufacturing and utilities organisations agree that every business should have someone responsible for information security at board level.
  2. Manufacturing and utilities organisations ranked improving incident response preparedness and recovery capabilities as their top information security priority (31%).

AI Investment

  1. 70% of manufacturing and utilities organisations plan to increase their spend on AI and machine learning security applications.
  2. 98% of manufacturing and utilities organisations plan to invest in GenAI threat detection and defence in the next 12 months.

The Cyber Threat Landscape

While sophisticated AI-driven threats present an evolving challenge for organisations, long-standing methods of cyberattack are still drawing focus for manufacturing and utilities organisations. 40% of respondents from the industry stated their organisation had experienced phishing or vishing incidents in the last 12 months.

Phishing in its latest, AI-powered form was also top of mind when we asked respondents to disclose their biggest emerging threat concerns. Respondents ranked AI phishing and AI-generated misinformation and disinformation as their top emerging threat concerns (both 40%).

Similarly, manufacturing and utilities organisations cited the rise of “as-a-service” cyber threats like ransomware-as-a-service and phishing-as-a-service as the top information security challenge (46%) they currently face. Respondents ranked this challenge ahead of issues like the information security skills gap and securing emerging technologies such as AI, ML and blockchain (both 45%).

These crime-as-a-service operations see expert crime groups act as service providers on behalf of benefactors, usually in exchange for payment or a portion of a payout. With the barrier to entry for would-be cybercriminals effectively removed, phishing and ransomware attacks are more accessible than ever for malicious actors.

People and Process Challenges

Challenges around AI management extend into how staff and even leadership teams are using and implementing the technology.

More than one in three (36%) manufacturing and utilities respondents said employees have used generative AI (GenAI) without organisational permission or guidance. This ranked as the top information security mistake made by employees, closely followed by shadow IT (35%) and using personal devices for work purposes without proper security measures (34%).

But employees aren’t the only ones jumping the gun when it comes to AI use; this approach extends to leadership teams. 43% of respondents said their organisation adopted AI technology too quickly and is now facing challenges in scaling it back or implementing it more responsibly.

With AI technology advancing rapidly and businesses and individuals alike rushing to reap the benefits, guardrails for use and regulatory guidelines are still trailing behind. However, the EU AI Act, which is coming into effect in stages, requires AI providers to take appropriate measures to mitigate and manage AI system risk. For organisations implementing AI, the ISO 42001 standard provides best practice guidance for building a secure, ethical AI management system (AIMS) across AI system development, implementation, management and continuous improvement.

Securing the Supply Chain

Nearly half (46%) of the manufacturing and utilities organisations we surveyed said they’d been impacted because of a cybersecurity or information security incident caused by a third-party vendor or supply chain partner in the last 12 months. 15% had been impacted by multiple incidents. These organisations faced repercussions ranging from data breaches (43%) to business interruptions requiring emergency responses (36%). One in three (34%) experienced temporary system outages or operational disruption.

With incidents targeting the supply chain becoming increasingly common, manufacturing and utilities businesses are treating supply chain and vendor security as a priority. Nearly four in five (79%) of manufacturing and utilities industry respondents said their organisation has strengthened third-party and vendor risk management in the last 12 months, and 19% said they plan to do so in the coming 12 months. 55% also plan to increase their spend on supply chain and third-party vendor security in the next 12 months.

Businesses are also responding by requiring suppliers to evidence their information security and cybersecurity posture. 40% of manufacturing and utilities respondents require suppliers to be certified to the information security standard ISO 27001; the same percentage require GDPR compliance. AI management also remains a top priority in supply chain security – 35% of respondents said their organisation requires suppliers to be ISO 42001 certified.

Information Security Priorities

As businesses across the globe contend with the moving target that is the cyber threat landscape, manufacturing and utilities organisations are focusing on preparedness. Respondents ranked incident response preparedness and recovery capabilities as their top information security priority for the next 12 months (31%).

This was followed by enhancing defences against AI-generated threats such as phishing and deepfakes (30%) and enhancing employee security awareness and behaviour (27%), both of which align with the top challenges and concerns noted by Report respondents. 90% of manufacturing and utilities respondents agreed that every business should have someone responsible for information security at board level, supporting the need for organisation-wide information security awareness.

AI Threats and Opportunities

Manufacturing and utilities businesses are leveraging AI for security while preparing to defend against the technology’s more nefarious uses. 70% of manufacturing and utilities businesses plan to increase their spend on AI and machine learning security applications, bolstering existing security posture and reducing the workload for often overloaded security and compliance teams.

Additionally, 98% of manufacturing and utilities organisations plan to invest in GenAI threat detection and defence in the next 12 months. As mentioned, enhancing defences against AI-generated threats like deepfakes and phishing ranked as respondents’ second highest information security priority. Here, strategic investment will put organisations in a stronger position to identify and defend against these threats.

Looking Ahead

Security leaders in the manufacturing and utilities industry are navigating a complex set of information security challenges.

However, their responses to this year’s Report show that they’re working strategically – identifying AI threats and opportunities, tightening supply chain security requirements, and working to improve employee information security awareness, from board-level to new starters. They’re building and implementing AI systems more securely and ethically and investing in improved information security measures.

By proactively embedding information security best practices organisation-wide, manufacturing and utilities organisations can streamline their compliance efforts, grow customer trust, and improve digital resilience. We look forward to seeing how businesses in the sector have adapted to the changing cyber landscape in next year’s Report.