Advanced manufacturing has opened up new opportunities and future growth for the industry as manufacturers continue to invest in integrating cutting-edge technologies into products, automating the shop floor, connecting supply chains, and increasingly investing in valuable intellectual property (IP). Among these risks are cyber threats that include everything from theft of intellectual property; phishing and related variants; the increasing sophistication and proliferation of threats; security breaches involving a third party; and social engineering.
Phishing is a cyber crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Social engineering is a form of techniques employed by cyber criminals designed to dupe unsuspecting users into sending them their confidential data, infecting their computers with malware or opening links to infected sites.
According to a study conducted by Deloitte, “Cyber Risk in Advanced Manufacturing,” the highest proportion of cyber threats originated from within the company (46%) while 39% came from external sources, and 15% originated with vendors and business partners. Top internal threats include phishing, employee abuse of IT systems and information, and employee errors and omissions.
Unfortunately, while nearly half of the respondents in the study believe that senior managers are committed to improving their companies’ cyber risk profiles, the funding to support key cyber initiatives remains a significant challenge. In order to overcome this challenge, company leaders need to understand their cyber risk profiles and appropriately allocate resources to mitigate risk.
For example, look at your shop floor. Today’s industrial control systems operate highly automated manufacturing processes that place a premium on employee safety, environmental protection, and operational efficiency. Yet 50% of surveyed companies in the Deloitte study indicate they perform vulnerability testing for industrial control systems less than once a month while 31% have never done an assessment. Without accessibility system testing, a manufacturer can miss hidden access points that could be vulnerable to attack.
Another key area to assess is the risks involved with increased dependence on technology-enabled connected products and the Internet of Things (IoT). According to Deloitte, close to 50% of manufacturers have mobile apps associated with their connected products, and more than three-quarters (76%) use Wi-Fi to transmit data among their connected products. More than half (52%) report that their connected products can store or transmit confidential data, including Social Security and banking information. Yet nearly 40% of manufacturers do not incorporate those products within their broader incident response plans, potentially slowing their responses to cyber attacks and malware.
In addition look at who’s in charge of keeping intellectual property safe. The Deloitte survey revealed that those surveyed said it was the job of the CIO (33%), followed by the CISO (20%). However, in 42% of surveyed companies, the job fell to another individual: the head of R&D (20%) or the head of manufacturing (22%). This responsibility needs to be clearly delineated in an organization in order for a manufacturer to maintain accountability for cyber risks associated with IP protection and, for that matter, shop floor automation and connected products.
Cyber Liability Insurance Protection: Must-Have Coverage for Manufacturers
In addition to putting strong security protocols in place to help mitigate the risk of cyber threats, Cyber Liability insurance is critical for manufacturers. A Commercial General Liability policy will not cover you for cyber exposures. Cyber insurance can be designed to respond to:
- Data Breaches: Companies are responsible for protecting the personal information of their employees as well as clients. Exposures to a data breach can happen through hacking, loss of a laptop, unauthorized employee access among other means.
- Third Party Damages: These damages can have various forms. Transmitting a virus to another company or a data breach for companies responsible for protecting or maintaining data can result in third party damages.
- Business Interruption: Many businesses maintain this coverage for losses resulting from fire, natural disaster, etc. Most policies won’t provide coverage for loss of use of your computer system due to data breach, virus or other cyber issues that can shut the business down.
- Cyber Extortion: This is an area of increasing risk where hackers can control websites or networks and demand payment to restore your systems to working order. This may impact the ability to conduct business and can result in significant direct and indirect financial loss.
Precision Manufacturing Insurance Services (PMIS) provides comprehensive Cyber insurance solutions with our ManufacSurance® product for the manufacturing sector. Our team of experts will work with you to find the right cyber security solution against data breach and other cyber attacks. Just give us a call at 855.704.7306.