The manufacturing sector is a prime target for cyber threats. In fact, the number of ransomware incidents involving this sector increased 156% between the first quarters of 2019 and 2020. In many cases, these are operations that cannot afford to be “offline” for an extended period of time, making them desirable targets for hackers. Unfortunately, many manufacturers have yet to update or refine their cyber playbook. In being slower to address the ever-evolving threats, they lag behind other sectors in implementing cyber security controls.
It’s important to note that manufacturers don’t always face conventional types of cyber breaches you see in the headlines. For midsize manufacturers, the cyber risk is more about loss of critical data through data corruption or cyber ransom, and loss of confidential customer and employee information. Cyberattacks can corrupt IT systems and, at times, even force plant closures. Reputational risk is also a factor, as brand value can be impacted.
When a cyberattack targets a manufacturer, there are several immediate and long-term consequences. In the short-term, the impact is clearly business interruption — logistics and supply chain processes go down and manufacturers are unable to produce. The problem oftentimes is exacerbated because manufacturers produce product “stuff” that oftentimes goes into other people’s “stuff.” The manufacturing lifecycle can be long, and when disrupted, it can impact both suppliers and customers who may grow upset, exposing the manufacturer to further reputational risk.
To add insult to injury, far too many manufacturers assume their property insurance policy will cover a cyber-related event and the resulting interruption to their business. Here in lies the rub, property coverage generally excludes damage incurred by a hack or cyber intrusion. What to do? The best answer is to secure a separate cyber insurance policy as a backstop, and to check the box for the optional business interruption coverage.