cybersecurity liability insurance: the manufacturing mandate

05/10/2018

Spending on cybersecurity liability insurance is up. Way up. As noted by P&S Market Research, the market is already worth almost $3.4 billion — and is on track to more than quadruple in the next six years.

It makes sense: Companies are now responsible for the safe handling, storage and destruction of personal information, financial data and intellectual property. And since data breaches are an inevitable part of digital existence, robust insurance is required to offset any financial damage and ensure businesses comply with federal regulations.

One industry poised for cyber insurance growth is manufacturing, as internet-connected robots, protocols and data silos are becoming high-priority targets for digital criminals.

Critical Risk

The Insurance Information Institute (III) notes that while data breaches at Fortune 500 companies continue to make headlines, smaller businesses are increasingly at risk. With more than 28 million small businesses operating across the United States, there's a huge opportunity for hackers to compromise companies that don't have effective security controls in place.

A breach could lead to significant financial and reputation issues if small businesses don't have solid cyber coverage. According to III data, the top cyber risks for SMBs include negligent employees and contractors as well as mistakes made by third parties. Using social engineering attacks or infected websites, attackers can gain access to company networks and then steal (or ransom) critical data.

For smaller businesses, effective protection is now a combination of digital security best practices — such as regularly changing passwords on network-connected devices and monitoring network traffic — and investments in cybersecurity liability insurance, which covers costs related to downtime, lost revenue and breach notifications.

Building Security

At small manufacturing companies, meanwhile, a new category of threats is emerging: System and operating process errors. For example, the III reports that 35 percent of SMB data breaches in 2016 took the form of system or process errors.

In a non-manufacturing SMB, process errors could mean system downtime or lost revenue — but in manufacturing plants, sudden system interruptions could lead to significant physical damage, employee injury or death. As noted by Deloitte, 40 percent of manufacturing firms experienced at least one cyber breach in the last year; most incurred losses of more than $1 million.

Cyber threats to manufacturing firms are evolving. New attack vectors on the horizon include:

  • Compromised Protocols — Specific protocols exist to monitor assembly line performance and record production data. If these protocols are compromised, companies could lose both critical information and actionable insight.
  • Robot Risks — Automated assembly lines increase efficiency, but if robots are hijacked by hackers, the results could be catastrophic.
  • Business Interruption — Interruption of production lines could cause fires, floods or other physical disruptions.
  • Cyber Extortion — Intellectual property or prototype data could be extorted for large payments.

It's also worth noting that with the cybersecurity liability insurance market still evolving, manufacturing companies should ensure the coverage they purchase meets their individual needs. Specifically, look for:

  • Retroactive Coverage — What date does coverage start? If possible, opt for retroactive coverage, which accounts for existing breaches that haven't been discovered yet.
  • Specific Inclusions — Basic policies may not cover manufacturing-specific concerns. It's important to ensure protections for internet-connected devices and protocols are included.
  • Vendor Acts Protection — Manufacturers often deal with multiple third parties for inventory control, transport and data handling. Make sure coverage extends to their potential mistakes.

Bottom line? SMBs need cyber insurance. Manufacturing companies, meanwhile, are fast becoming a top target for cybercriminals and require digital insurance policies that address industry-specific risks. Talk with your insurance agent to see what coverages your business needs.