MMS 2021: Meet the Speaker

2 mins read

Sean Sutton is a cyber security partner at PWC UK.

After delivering one of the largest implementations of data loss monitoring technology at a tier 1 retail and commercial bank, Sean has a comprehensive understanding of the challenges relating to securing sensitive unstructured data within complex environments. With significant experience of designing, building and leading many subsequent large scale data security programmes Sean's experience puts him at the forefront of security specialists with a deep knowledge in this area.

He is speaking at Subcon on 15 September in the Manufacturing Management Theatre. Subcon, Manufacturing Management Show and The Engineer Expo will take place in-person at Birmingham’s NEC from 14-16 September and are free to attend by registering at

What are the big issues facing the UK manufacturing sector at the moment, and why are they causing such headaches?

Supply chain cyber risk has significantly increased with several high-profile cyber attacks hitting the media over the past few months. The global pandemic has really brought the fragility of our supply chains into focus, and whilst this has been compounded by other issues such as Brexit and a shortage of raw materials, it has also been seen by cyber criminals as a good opportunity to target weak links in supply chains. This comes at a time when they are already stretched to cause maximum impact and thereby increase the likelihood of payment on ransomware.

The pandemic has pushed the issue of cyber security up the agenda. How does cyber security impact manufacturing?

Manufacturing is at the heart of everyone's daily life; in the products we buy, the materials we use in our homes and offices or throughout the transport network. Manufacturers have been much slower to invest in Operational Technology (OT) cyber as it has always been seen as separate to IT and therefore not exposed to the same type of cyber risk. As manufacturing systems and environments are becoming more integrated via industry 4.0, migration / integration with cloud environments, digital transformation or by connected devices (IoT, smart products) the potential attack surface has increased significantly.

What do businesses need to be aware of and how can they prepare to build their cyber security defence and mitigate possible attacks?

There are several key areas to focus on when it comes to securing manufacturing environments:

Governance, roles and responsibilities and culture - is it clear who owns the OT cyber challenge, how it will be managed and controlled, how it will integrate to broader cyber and risk functions? Is there a cyber culture within manufacturing sites?

Asset knowledge - what OT assets do you have, where are they, what threats are they exposed to and how do you manage the risk/ threat to those assets? Monitoring and detection - can you detect malicious or unusual activity within the manufacturing environments? Incident response - if you have an incident in your manufacturing locations how will you respond?

Why are you looking forward to speaking at Subcon this year and what will visitors get from your session?

It is always great to talk with and meet people who are interested in cyber, especially in manufacturing as the challenge presented by securing OT cyber is significant. I am always happy to share my knowledge and insight from working with many different types of clients and believe that sharing good and bad experiences collectively is the best way to improve cyber security across the sector. I always aim to do this during my presentations and in any follow up discussions.

Tell us how it feels to be attending an in-person event again?

It will be fantastic to be able to attend an event in person - after such a long time these types of events will definitely have a huge amount of enthusiasm and energy and it will be great to share a room with industry peers to learn and share experiences once again.