The report highlights six key considerations to help the industry close its cybersecurity gaps and embed cyber governance throughout the organization:

  • Embrace a new cyber culture: Everyone in the supply chain must take cybersecurity into consideration. It only takes one weak link to expose the entire chain.
  • Identify your cyber leader: Every organization needs to identify a senior leader, who is accountable for cyber. They should not be an IT executive, but somebody senior, who is accountable for cyber across the enterprise and equipped with the skills and knowledge to do so effectively.
  • Understand your crown jewels: You can’t protect your operations effectively if you don’t know what needs protecting.
  • Look beyond IT: Your IP and operational technologies are your competitive edge. Failure to protect them from theft, damage, or leaks could mean losing your market position.
  • Consider your lifecycle: Cybersecurity isn’t all about the final product. Effective cyber governance covers the entire process, from design and engineering, to production and distribution, post-sale service and beyond. Each step comes with its own cyber considerations.
  • Don’t wait to lead: While there are many good examples of Canadian companies taking charge with cyber, the sector tends to wait on directions from their OEMs or customers to make a culture shift. It’s important to take that lead now, both within your enterprise and among your supply chain, because anything that happens will inevitably impact you.