"A lot of the executives we asked about security risks don't believe their data is at risk or is at very little risk," says Karen Kurek, leader of McGladreys industrial products practice and a member of the National Association of Manufacturing (NAM) Board of Directors. "Two-thirds of them said it was at little or no risk. I think in general, in this sector, a lot of people don't understand the potential exposure that they have."
"But we know that middle market companies very much are targeted," she adds. "Part of [the reason for their belief] is because ignorance is not bliss. There's this false sense of security. They don't know what they don't know until something happens to them."
In its 2013 Manufacturing & Distribution Monitor report, McGladrey surveyed 1,067 industry executives across the U.S. and found that 68 percent of them feel their data is at little or no risk. However, that is actually and improvement from 2012, when 77 percent of industry executives felt their data was at little or no risk.
Executives at Large Businesses More Concerned by Risk
Executives at large businesses are actually more likely to be concerned with the risk. McGladrey found that 44 percent of executives at large businesses are concerned about risks to their data as compared with 31 percent of executives at midsized businesses and 32 percent of executives at smaller businesses.
"It seems as if executives at these large businesses understand something that executives at smaller businesses do not," the report notes. "This may reflect an assumption by smaller business executives that their data holds no interest for those seeking unauthorized access. This is a commonly held belief, but it is insufficient as a risk management strategy."
Manufacturing Sector Is No. 1 Target for Corporate Espionage
"The perception by a majority of executives that their data is at little or no risk, however, runs counter to the rising threats to information security," the report adds.
"Account takeovers and fraud are widespread: During 2010 alone, Symantec documented 286 million unique threats, a 400-percent increase from just the year before, the report continues. According to a report conducted by Verizon in 2013, there was a 275 percent increase in breaches in the manufacturing industry alone over the prior year. Notably, if the breach data was filtered for incidents of corporate espionage (cases where the data lost was the result of disgruntled or exiting employee), manufacturing was the No. 1 victim of these types of incidents."
Part of the reason for industrial executives' cavalier attitude toward the risk to their data may lie in the fact that these executives often don't believe their organizations have sensitive data, Kurek says. But she notes that every organization, no matter how big or small, has critical data: patents, technology, personnel records, corporate credit cards, health benefits, intellectual property and so forth-and there are plenty of customers for this stolen data, including rogue states, competitors and organized crime.
Sign up for Computerworld eNewsletters.