Not long ago, when manufacturers spoke about cyber concerns, the conversation centered on how to safeguard employee data. Today however, the “Internet of Things” (IoT), the use of technology to control machines, interconnect processes and improve efficiency, is changing the conversation. IoT has made it easier for cybercriminals to bring production lines to a halt.
Last year, for example, pharmaceutical manufacturing giant Merck was one of many victims of the NotPetya virus. As it wormed its way through networked systems, the virus forced production of Merck’s GARDISIL vaccine to stop. Research/development, packaging and other operations were also impacted. Lost sales and additional expenses cost the company millions of dollars.
Click to Test Your Insurance Knowledge
Download our quiz. Read the brief scenarios.
Then choose what type of insurance policy is most likely to apply.
Our answers appear at the end of the quiz.
Advisory firm Gartner reports that “nearly 20 percent of organizations observed at least one IoT-based attack in the past three years.” As manufacturers and their information technology teams grapple with how to safeguard production lines and other business-critical operations, risk managers have an additional concern: Cyber-related business interruption losses likely aren’t covered by their existing property insurance policies.
Property Insurance Isn’t Cyber Insurance
Property insurance policies are designed to cover losses due to physical perils, such as fire, flood, or wind damage. While they may provide some coverage for cyberattacks and other inadvertent network interruptions, cyber policies provide broader coverage grants for cyber business interruptions. Risk managers responsible for manufacturing operations should discuss the benefits and costs of the following coverages with an experienced broker or adviser:
- Cyber Business Interruption and Extra Expenses. This type of coverage would apply to a direct loss of revenue or profits if manufacturing is halted. For example, if a production line is shut down due to a cyberattack, a cyber business interruption policy could cover the cost of lost sales. It also could cover extra expenses such as those associated with changing locations, leasing equipment and other activities necessary to continue business operations.
- Cyber Contingent Business Interruption. This type of coverage would apply to losses resulting from a cyberattack impacting a key supplier or key client. For example, if a manufacturer relies on a supplier for critical parts and that supplier cannot deliver due to a cyberattack, the cyber contingent business interruption coverage may cover the manufacturer’s additional cost to secure those parts elsewhere or reimburse for lost business. The coverage would apply only to a direct supplier or client, not to a supplier’s supplier or to a client’s client, unless specifically scheduled and underwritten by the insurer. This coverage can be difficult to secure because insurers want details about what the supplier or client is doing to mitigate risk.
- Cyber Reputational Harm. Even after a business has been restored following a cyber incident, customers and potential clients may lack confidence in the enterprise, resulting in declining business for a time. Coverage is available on a limited basis.
Plan for Business Interruptions
Considering the increasingly technology-reliant nature of production operations and the broadening scope of cyberattacks, manufacturers and their business partners may find it worthwhile to revisit and update their business continuity plans. In the process, they should pay special attention to mitigating known risks, something that insurers always consider when determining premium rates.
If you aren’t sure what your risks are and you would like to speak with an expert, contact Hylant. We have tools to help manufacturers and their vendors assess and quantify cyber risks.
The above information does not constitute advice. Always contact your insurance broker or trusted adviser for insurance-related questions.