Current VDMA Study Shows Progress on Cyber-Resilience — But No Reason to Let Our Guard Down
The mechanical and plant engineering sector has shown significant progress in defending against cyber-risks. According to a current study titled Industrial Security, conducted by the German Mechanical Engineering Industry Association (VDMA) in cooperation with the Fraunhofer Institute for Applied and Integrated Security AISEC, more and more companies are investing in digital protective measures. In spite of these improvements, cyberattacks continue to cause considerable damage, with the total running into nine figures. Further action is needed, especially for smaller enterprises. Social engineering and phishing represent the biggest threat to companies, followed by human error and sabotage.
Technical measures becoming established
Most of the companies that responded to the survey are relying on specific security solutions these days. Another positive sign is that measures to raise awareness have had a broad impact. The success rate for attacks has diminished as well, with just 55 percent of companies reporting negative impacts as a result of security incidents, a decrease of about 15 percent from the figure for 2019. However, it is also apparent that security is increasingly a responsibility that is being handled internally; 88 percent of the companies surveyed have their own staff in this area and are increasingly placing their trust in technical security measures. The biggest threat is posed by social engineering and phishing, followed by human error and sabotage. This means greater investment in employee training and raising awareness is needed.
Underestimated relevance of legal specifications
One especially critical point is the handling of legal requirements. Many firms underestimate the EU NIS 2 Directive, which applies to significantly more companies than before. About a quarter of the businesses surveyed assume that they do not fall under the directive when, in fact, they do. Small and medium-sized companies in particular are not yet adequately prepared. They face not only a legal risk but also the strategic risk of failing to build resilient structures. “SMEs in particular need targeted support,” says Maximilian Moser, VDMA Software and Digitalization.
Digital transformation as a driving force — and a risk
With the digital transformation gathering momentum, the risk posed by cyberattacks is more urgent than ever. Connected production systems and cloud-based applications offer many advantages, but they also expand the potential attack surface. This makes it crucial to consider cybersecurity from the start and understand it as part of the job of leadership.