The speed of technology continues to revolutionize the ways business gets done. It is also creating a new reality where cyber-attacks are triggering risks of stopping your machines from actually running, crippling your ability to generate critical cash flows.
Most manufacturers are unaware that when a hacker breaks into their computer systems and shuts down production, that resulting losses are not covered by property or general liability insurance. Even if you have a cyber policy, business interruption is not covered unless it says so explicitly.
To understand the pain caused by business disruption and damaged reputation, we need look no further than to Southwest Airlines. The company grounded over 2,000 flights in July due to a “computer glitch.” The resulting cancellations, refunds, meals, hotel bookings and additional staffing resulted in a 0.5 point decrease in the company’s third quarter operating revenue per available seat mile—a key metric of profitability. In other words, the airline suffered up to $82 million in lost revenues and additional costs, as these risks were not insured.
Hackers are now in the process of creating malevolent software that seems benign under surveillance, but morphs into malicious code once it's no longer under suspicion. It's called two-faced malware. Meanwhile, cybercriminals are continuing to employ so-called "blastware" that destroys or disables a system when detected. As attackers circumvent preventative controls, detection and response capabilities are increasingly mission critical.
Cyber threats are compounding
What happens to a manufacturing business when its production operations suddenly grind to a halt? And what are the consequences of being unable to satisfy customer demand? In today’s business environment of increased automation, connectivity and globalization, even the most powerful organizations in the world are proving vulnerable to cyber threats.
The focus of manufacturing technology has traditionally been on performance and safety, not security. This has led to major security gaps. The growing complexity of these systems has resulted in large and elaborate network infrastructures that are extremely specialized. And in many cases these systems are being operated and managed by manufacturing specialists rather than IT professionals. When combined with the integration of IT operations and supply chain partners, these trends have created an environment with innumerable exposures that are very difficult to manage and secure.
Manufacturer cyber-attacks vary widely. In the past, attacks involved hackers gaining unauthorized access to sensitive systems and data. Phishing facilitates the process by tricking executives and employees into revealing login credentials and other private information, giving attackers front-door access to the organization’s systems.
Now, in an era of ubiquitous connectivity when more and more manufacturing supply chains communicate by internet and without human intervention, industrial control systems become even more vulnerable to malicious software that infiltrates weak systems and hardware (often legacy manufacturing systems) and then spreads itself to other systems, leaving behind a trail of destruction and disruption.
The results of any of these attacks can be severe, ranging from loss of valuable ideas and market advantage to financial and reputational damage – particularly in cases where production ceases and cash flow disappears.
Cover the risks
Cyber insurance can make the difference between staying in business or shutting your doors after an attack. A general liability policy specifically excludes losses incurred because of the Internet, so a well negotiated cyber liability policy can pick up where your general policy leaves off.
A well-negotiated cyber insurance policy can include "first party" coverage, which pays for business interruption, the cost of notifying customers of a breach, and even the hiring of a public relations firm to repair your reputation. Having this cash available in the event of a crippling attack keeps the lights on until cash flow returns. In fact, the best policies even cover regulatory fines or penalties resulting from a data breach.
From Yahoo to Colin Powell, it seems that no target is too big for a cyber-attack. The truth is no target is too small either. Being a small manufacturer does not provide immunity. Cyber insurance with the right provisions, on the other hand, can provide the risk coverage needed for your supply chain partners to sleep better and still get paid. ●
