It’s hard to believe that it’s been over a year now since COVID-19 entered our lives here in the U.S. — back when we truly didn’t understand the impact it would have on us, our families, our communities and our workplaces. As the U.S. and other countries went into lockdown to help stop the spread of the virus, we all watched the overwhelming toll it took across the globe. 

Now, here we are a year later, and we know a great deal more about the virus and what it means to be resilient. Vaccines are being distributed, new cases are decreasing and there’s a sign of hope that we will soon be able to embrace, at least to some degree, a sense of normalcy sometime later this year. 

However, there are several areas where the pandemic will have a lasting effect, and one of those is cybersecurity. With the rapid adoption of remote workforces, which significantly expanded the attack surface at many corporations and other organizations, the need to ensure our systems were secure was vital. Equipping yourself with the best practices to protect your company’s data and reputation is critical, as well as working with an insurance partner that fully understands the risk management implications. In this issue, I cover what cybersecurity means for manufacturers, but the conversation doesn’t need to end there, so please don’t hesitate to reach out for any additional guidance. 

Rick

Manufacturing: A Major Target for Cyberattacks

By Rick French, SVP, NSM Insurance Brokers

The manufacturing sector is a prime target for cyber threats. In fact, the number of ransomware incidents involving this sector increased 156% between the first quarters of 2019 and 2020. In many cases, these are operations that cannot afford to be “offline” for an extended period of time, making them desirable targets for hackers. Unfortunately, many manufacturers have yet to update or refine their cyber playbook. In being slower to address the ever-evolving threats, they lag behind other sectors in implementing cyber security controls. 

It’s important to note that manufacturers don’t always face conventional types of cyber breaches you see in the headlines. For midsize manufacturers, the cyber risk is more about loss of critical data through data corruption or cyber ransom, and loss of confidential customer and employee information. Cyberattacks can corrupt IT systems and, at times, even force plant closures. Reputational risk is also a factor, as brand value can be impacted.

When a cyberattack targets a manufacturer, there are several immediate and long-term consequences. In the short-term, the impact is clearly business interruption — logistics and supply chain processes go down and manufacturers are unable to produce. The problem oftentimes is exacerbated because manufacturers produce product “stuff” that oftentimes goes into other people’s “stuff.” The manufacturing lifecycle can be long, and when disrupted, it can impact both suppliers and customers who may grow upset, exposing the manufacturer to further reputational risk.

To add insult to injury, far too many manufacturers assume their property insurance policy will cover a cyber-related event and the resulting interruption to their business. Here in lies the rub, property coverage generally excludes damage incurred by a hack or cyber intrusion. What to do? The best answer is to secure a separate cyber insurance policy as a backstop, and to check the box for the optional business interruption coverage.

Data breaches

Increased government regulations — both in the U.S. and abroad — have put more responsibility in companies’ hands to protect clients’ personal information. In the event of a data breach, it is now required by law to notify the affected parties. This is on top of footing the bill for security fixes, identity theft protection for impacted individuals and protection from possible legal action. It is also false to assume that if a manufacturer doesn’t operate online, it isn’t as susceptible to breaches. If a manufacturer stores data in electronic form, it is still vulnerable to breaches through an event such as unauthorized employee access or hardware theft.

Business interruption

If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third party that depends on your services, to lose potential revenue. Whether it’s a server failure or a data breach, such an incident can affect your day-to-day operations. As a result, time and resources that would normally be spent somewhere else need to be directed toward the problem, which could result in further losses. 

System failure

The winter storm that hit Texas last month is a recent example — among many — of how extreme weather, natural disasters, or malicious activity can result in data or code loss and significant financial damage. While the physical damages to a company’s hardware system would be covered under an existing business liability policy, data or code loss due to the incident would not be. 

Cyber exposures aren’t going anywhere anytime soon. Now is the time ensure your organization has the appropriate cyber liability policy in place before disaster strikes and to take preventative action to protect your organization and its reputation.

Making Sustainable Transformation Work for Manufacturers 

Sustainable manufacturing is the most important aspect to be considered by all production engineers, not because it is a fad but rather an obligation to the world we live in.

Full Story

COVID-19: Manufacturing Workers and Employers

Stay informed with guidance from the CDC and the Occupational Safety and Health Administration (OSHA) as it relates to the manufacturing industry. 

Full Story

Machine-as-a-Service: What Is It, and What are the Pros and Cons? 

Pay-on-demand for equipment could be a step-function change for small and medium-sized manufacturers.

Full Story