1. Harm to your people
Every business has a duty of care towards its employees, especially in the industrial sector. Where there is moving machinery, hazardous chemicals, pressurised pumping systems or storage of highly flammable materials, companies must take extensive precautions to protect the health and safety of their people. If a malicious actor were to gain access to the control systems and make any sort of change, a resulting malfunction could pose a risk of injury or even death to personnel. Maintaining full control of safety-critical systems is, therefore, absolutely essential.
2. Harm to the environment
Keeping control of your process systems is also important for the sake of environment. If an attack on a sewage treatment or oil and gas plant, for example, were to lead to a leak, this could pollute water sources, start fires and threaten local flora and fauna. As pressure mounts globally for companies to limit their environmental impact, effective cybersecurity measures are imperative to avoid finding yourself at the centre of an environmental disaster.
3. Harm to your assets
We’ve already mentioned that a cyber-attack could cause control systems to malfunction and fail. As this happens, physical assets can be damaged, which have to be repaired or replaced. Consider a water and sewage works for example. Moving electro-mechanical components such as motors and pumps are particularly susceptible to damage if intentionally operated outside their design parameters. Unauthorised control system changes can circumvent measures designed to protect these assets, resulting in damage to the asset and potentially to surrounding components. Repair or replacement of large moving machines is expensive, and in many cases service restoration will be complicated by long lead times for procurement and the difficulty and disruption of exchanging the damaged assets. Cybersecurity protection is important to avert this unnecessary downtime and cost for your business.
4. Harm to your profits
Ransomware attacks, where cyber criminals demand vast sums of money for systems to be restored, are becoming increasingly common. Even where victims do not pay out, every minute a company is prevented from operating leads to financial loss. For example, if a factory is not able to produce goods, it’s not able to earn money. In other types of cyber-attack, businesses may have to pay compensation to people injured by a machinery malfunction, cover the cost of an environmental clean-up, carry out expensive repairs or pay higher insurance premiums.
5. Harm to your reputation
If a company experiences severe harm to the surrounding environment, its people or finances following a cyber-attack, this could also cause long-term reputational damage. People may no longer want to work at the company, investors may withdraw their support and planning authorities may deny licences for operation. Nobody wants to do business with a company that is lax with its responsibilities – and certainly not one that is unlawful*. In installing effective cyber-security to protect themselves from attack, companies show that they are professional, diligent and take their duties to all stakeholders seriously.
VINCI Energies brand Cougar Automation can help companies mitigate the risk of a cyber-attack wherever they are in their cybersecurity journey – from audit, risk assessment and developing good governance, to the design and commissioning of cyber-security defences.
Get in touch to find out how we can help keep your operations running smoothly, safely and securely.
*Since May 2018 essential services must implement at least a basic level of cybersecurity protection under the Security of Network & Information Systems (NIS) regulations (2018) in UK law.