6 Reasons Manufacturers Need Cyber Insurance
The Changing Cyberattack Landscape
October 11, 2024
Cybersecurity is one of the most challenging issues facing companies today. As manufacturers integrate digital technologies and automation, they become more susceptible to cyber threats. The combination of information technology and the dependence on operational technology has introduced a variety of new vulnerabilities in operating systems and broadened the attack surface for cybercriminals.
Many manufacturers have attempted to create a shield by investing in cybersecurity, but this is only part of the challenge. Because manufacturers can have complex supply chains, they are dependent on other companies to secure their systems from cyberattacks. Today, it is imperative that manufacturers have a proper cyber insurance policy in place to protect themselves both from a cyberattack on their own company and from a cyberattack that disrupts a supplier they depend on.
Stand-Alone Cyber Insurance Policy Protections
A properly structured stand-alone cyber policy provides coverage against financial losses associated with addressing a cyberattack—losses not typically covered by other policies. Here are six protections to consider:
- Ransomware: In a ransomware attack, bad actors encrypt files and lock your company’s network. They demand ransom, typically paid in cryptocurrency, in return for unlocking the network and not leaking data on the dark web. A cyber policy can provide money for the ransom and the hiring of a skilled negotiator.
- Business Interruption: During a ransomware attack, a manufacturer may be completely shut down and unable to operate, which could lead to a loss of revenue. Business interruption coverage reimburses you for lost income and expenses to restore operations resulting from a cyberattack on your computer systems.
- Contingent Business Interruption: Manufacturers can have a complex supply chain relying on dozens of other companies to build their products. If one of these suppliers were to fall victim to a cyberattack that left them inoperable, it could impact your ability to generate revenue. Contingent business interruption coverage helps you recover lost income and cover the costs necessary to get back up and running if a third party's computer system you depend on for your business is disrupted.
- Bricking: When a cybercriminal installs malware on a device and renders it inoperable, it is known as “bricking” (i.e., turning the device into a brick). Bricking is a common attack and claim among manufacturers. Bricking coverage will reimburse funds for replacing a component of your computer system to return it to its original pre-incident condition.
- Social Engineering: Social engineering coverage reimburses money lost when someone impersonates another party and fraudulently provides instructions to transfer funds. Manufacturers can be susceptible to these attacks due to the volume of vendors and suppliers they work with.
- Incident Response: Where do you turn if your business suffers a cyberattack? With whom do you partner? How long do you have before you must notify individuals? Incident response coverage helps you pay for data breach attorneys, forensic experts, public relations consultants and other services.
Cybersecurity Trends
Manufacturers should know about the following trends:
Double Extortion: Organizations have become better at protecting and backing up their cyber networks. For a bad actor, this means that a simple ransomware attack may not be successful; the target company may be able to continue functioning without paying the ransom. So, criminals have evolved and are launching “double extortion ransomware attacks” where, in addition to locking the network, they steal and threaten to release sensitive data unless the ransom is paid.
Supply Chain Attacks: A data supply chain attack, sometimes called a value chain attack or third-party attack, occurs when a bad actor infiltrates a company’s information technology system through a third party. Today, you must manage not only your internal network but also understand who has access to it and what you can do to minimize and potentially prevent a cyber event.
Contingent Business Interruption Claims: With the CDK Global attack that impacted vehicle dealerships and the CrowdStrike update outage, we are seeing the impact that one company going down from a cyber event can have on an entire industry. Given the complex supply chains that manufacturers can have, it is imperative to have this coverage in place to protect against a dependent business becoming inoperable due to a cyberattack.
Operational Technology: Since 2022, attacks targeting operational technology have increased considerably. Historically, only nation-state-backed threat actors were known to target operational technology, but recently, there has been a spike in attacks from hacktivist groups. This makes sense given the advancements in generative AI, which make conducting sophisticated cyberattacks on operational technology easier.
Clorox: Significant Supply Chain Disruption
According to a Securities and Exchange Commission (SEC) filing by Clorox, an attack took many of its automated systems offline, including those used by large retailers such as Walmart and Target to order products. The breach of one organization can disrupt an entire supply chain.
The incident cost Clorox USD 356 million due to a 20% decline in sales caused by attack-induced decreases in production volume. The company also suffered a steep drop in stock price and spent $25 million to secure its systems after the breach. While Clorox never confirmed whether this was a ransomware attack, the fallout—particularly the operational downtime—was consistent with other ransomware attacks.
Johnson Controls: Multinational Risk
Johnson Controls was the victim of a ransomware attack in the fall of 2023. First, its Asia offices were breached, and then the virus spread throughout this multinational organization. The ransomware gang “Dark Angels” took credit for the attack, exfiltrating over 27 terabytes of data. They demanded an initial ransom of USD 51 million.
While the firm did not disclose whether it paid a ransom, it filed a disclaimer with the SEC stating that the cost of remediating the attack totaled USD 27 million. The organization said that systems were restored as of early 2024. While it admitted that data was stolen, it did not say whether it was released on the dark web or compromised in another manner.
Helping You Understand Your Cyber Risks
Hylant’s cyber experts assist manufacturers in identifying risk from an insurance perspective. We help you understand the probability of something happening, quantify the impact and create a plan for protecting your people, assets and company finances.
The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.
Authored by
Bobby Platten
Risk Advisor
Cleveland
With 12 years of underwriting experience, Bobby has developed a deep expertise in assessing and mitigating digital risks for businesses. He excels at crafting tailored solutions to complex Cyber Insurance issues.