MxD is recognized by the Department of Defense as the “National Center for Cybersecurity in Manufacturing.” Recently, MxD released a survey co-created by a research firm called APCO Insight. The survey is titled, “Behind the Firewall: Assessing Cyber Resilience in US Manufacturing (available for download here).
The report offers several interesting insights, but with CMMC 2.0 just around the corner, there is one that stands out. First, it is important to break down the survey participants.
The sample size of the survey is somewhat small. There were 750 companies represented in the report, all of which are in the MxD database. Of that 750, 106 were Aerospace & Defense manufacturers and 102 were Defense Industrial Base manufacturers (the report does not define how it separates the two categories). Small to medium-sized businesses (500 employees or fewer) represent 630 of the 750 total companies surveyed.
One of the report’s most interesting facets is the breakdown of responses to: How Closely Organization Monitors for New or Updated Cybersecurity Laws and Regulations. According to the report, 19% of DIB manufacturers surveyed do not closely monitor cybersecurity laws and regulations. In terms of company size, 16% of small businesses follow updates to a limited degree. Large companies do a better job, with just 5% saying their monitoring of laws and regulations is limited.
One explanation for this limited following of cybersecurity rules and regulations is a limited workforce. Especially for DIB manufacturers with fewer than 100 people, there may simply not be as many resources to stay updated on regulatory compliance.
A second explanation is a lack of a clear leader in compliance. The survey notes that 73% of the small businesses polled have just 1-5 cybersecurity staff members. This means it may be hard to discern who should take the lead in making sure the company is on top of the latest cybersecurity guidelines.
The report is full of important insights that will lead to important conversations. In terms of this particular issue, there are some key action items DIB manufacturers can consider now.
Want to see how you might have responded to the survey questions? Use our cybersecurity self-assessment resource as a quick way to determine your risk appetite and the status of your cybersecurity ecosystem.