Canadian firms complacent on cybersecurity, says advanced manufacturing agency

The leaders of Canadian manufacturing companies don’t take cybersecurity seriously enough, says the head of an agency trying to encourage advanced manufacturing in this country.

“There’s a high degree of complacency,” Jayson Myers, CEO of Next Generation Manufacturing Canada (NGen), a non-profit leading an advanced manufacturing supercluster, said in an interview.

The C-suite has what he called “an overall concern about cybersecurity.” But, he added, “I don’t think most companies have an overall view of the risks they could potentially face. And I don’t think most have a risk mitigation system in place – not just a plan, but the procedures, training and everything else – that can effectively assure senior management that their potential [cyber] risk is going to be adequately and appropriately taken care of.”

The interview started with Myers’ observations during the annual October Cybersecurity Awareness Month activities on why it’s important to raise awareness among manufacturers about the threat of a breach of security controls.

But it then became a calm but stinging criticism of the industry’s lack of preparation for cyber attacks.

NGen is an industry-led not-for-profit that focuses on building advanced manufacturing capabilities in Canada. Funded largely by a $250 million supercluster grant from Ottawa, about $200 million has already been committed to 131 projects ranging from disinfecting robots for the healthcare sector to new protein manufacturing techniques.

Its goals include helping to build better links between manufacturers, technology firms, industry networks academics, and government funding agencies. In addition, it encourages students at all levels to think of careers in advanced manufacturing.

Myers’ knowledge of the state of cybersecurity in the industry comes in part from talking to NGen’s 4,200 members, the regular cybersecurity awareness workshops it holds for firms, and a recent industry survey 500 owners, CEOs and senior management of mainly small manufacturers.

Among the findings

•68 per cent said their organization had suffered a cybersecurity attack in the previous 12 months (by comparison, in the 2020 survey 45 per cent said they were hit);

•93 per cent believed they have done enough to protect themselves against cybersecurity threats;

•20 per cent said they were not concerned about cybersecurity;

• and only 35 per cent had an incident response plan.

It’s the results of this survey that made Myers conclude that manufacturers are complacent about cybersecurity.

In talking to members, Myers said most manufacturers are aware of vulnerabilities in what he calls “online communications,” – by which he means email and text messaging – and e-commerce, but not the cyber threats to materials, products and industrial control systems.

However, he said, as manufacturing processes become more digital, “the risks will increase exponentially.”

“Companies have to become more aware of how they are using it (cybersecurity) in the future and to get more prepared around this,” he said.

A gap to be filled

“I think senior executives – CEOs we deal with, board members – are very concerned” about cybersecurity, he added. “I think even smaller companies know they have to do something about it. I think there is, though, a gap that needs to be filled between the expectations and concerns of senior leadership, on the one hand, and the actual engineering/tech/compliance departments on the other.

“Cybersecurity is an IT issue too hot to be left in the hands of the IT specialists. Even with CEO concern, I don’t think the issues around cybersecurity are taken as seriously as they should be at the senior management and board levels. And part of that is the expectation by many of the leadership is that the IT/engineering/tech departments will handle the issue. But I think this is an issue the boards and CEOs have to take this seriously, because it can seriously compromise the organization. “Unfortunately what I see happening is sometimes it takes a problem” — such as a cyberattack on the firm or its supply chain – to raise it to a level where the senior leadership realizes how important this is.”

Asked if he believes that if Canadian companies don’t see cybersecurity as a priority it will impede their ability to be leaders in advanced manufacturing, Myers replied, “Absolutely.

“I think this is a strategic issue that every company needs to take seriously and develop the right processes, operating procedures and training to protect themselves against cybersecurity risks. I see this as a critical enabling capability for companies that are looking to develop more advanced manufacturing capacity in the future.”

NGen’s tactics to raise awareness include cybersecurity workshops and trying to create a network of cybersecurity providers who can liaise with and sell solutions to manufacturers.

But it doesn’t do something that would really raise the importance of cybersecurity to funding applicants: Make passing a cybersecurity assessment a condition of funding.

”We’re not up to that stage right now,” he said when asked why a cybersecurity assessment isn’t demanded. “That is not a requirement for funding. I think it’s a really good idea, but it’s something we need to work up to. We assess [applicants’] financial ability, but the capability to protect their data and to carry out the types of projects we’re funding is really up to the project partners.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now