Protecting manufacturers from cyber risks with a preventative plan

If the envisioned “Wisconvalley” is ever going to economically rival Silicon Valley it will need to become the shining example of Industry 4.0 embracing all the advantages techno-evangelists say their cloud-computing solutions offer. However, when this new technology allows a hacker in Pyongyang to overheat the boiler at a plant in Sturtevant, Wisconsin manufacturers will also need to take measures to deal with increased cyber exposures and embrace a proper cyber insurance policy.

“Industry 4.0.” “The Internet of Things (IoT).” As the next phase of the manufacturing revolution is upon us, the industry is connecting workers, data, and equipment like never before. And all of this is happening in “the cloud.” While this is LEAN and allows work to be done worldwide, it offers a range of cyber exposures.

The median number of days an organization is compromised before a breach is discovered is 146. Conversely, the average number of days an attacker needs to obtain access to an administrator’s credentials is three.

In today’s world, systems are primarily technology driven and interconnected, making it possible for hackers to shut down entire production lines with one click. Imagine having your day-to-day business interrupted due to a breach, or even a full system failure. How would your company respond? Do you have a recovery plan in place until business resumes?

Cybercrime

Large or small, every manufacturer is a target. What makes your business profitable is what someone else wants. Every day, the criminal enterprises are getting more sophisticated and there is virtually no risk to the criminal.

The greatest threat to employers? Their employees. Why? Due to email phishing scams, employees are easily tricked into providing information and/or allowing access in the employer’s system.

What to watch out for

• Bad spelling and/or poor grammar
• Unsolicited request for personal or confidential information
• Instructions to make a verification phone call
• Request to transfer money
• Promise of reward
• Impersonating senior staff

Protect your organization

• Discuss with your insurance agent to ensure you have the proper cybersecurity insurance policy
• Know what you’re protecting (customer database, intellectual property, business plans, employee records, etc.)
• Practice good security hygiene (complex passwords, firewall, backup data, patch & update, etc.)
• Perform security assessment or penetration test
• Train employees
• Develop and test response and continuity plans
• Encrypt whenever possible

Just as factories champion the number of accident-free days, businesses should track any attempted cyberattacks they detect and champion their successful deflection as a key performance indicator for the group.

Manufacturers should have a plan in place for a cyber breach. What would happen if a production line went into overdrive due to a malicious attack? What is the cyber breach notification plan? What is the cyber risk management strategy? Does the cyber insurance cover physical disruption or system failure? Many cyber insurance policies for manufacturers explicitly exclude this risk.

Our partners at Travelers provide 4 Key Risks to Consider in a Cyber Risk Management Program:

1. Manufacturing defect
   • With technology so tightly interlocking finished goods, any defect can be widespread and cause operational dysfunctions. If the product does not work as intended, manufacturing defects can lead to injury and financial loss for customers, which can ultimately lead to lawsuits.
2. Property
   • Incorrectly integrating IoT technology into your operations, such as the use of a faulty algorithm, could lead to damage to your manufacturing facility, raw materials or finished goods. Devices can overheat, explode or otherwise malfunction in a way that causes harm.
3. Workplace safety
   • As manufacturing becomes increasingly automated, the need for proper training, procedures and safeguards when working near IoT machines, equipment and devices is critical. While traditional manufacturing equipment builds on a legacy knowledge of safety, emerging technology can bring new risks. Some of these advanced manufacturing systems may be designed without standard safety protocols, such as machine guarding and emergency stops, which can protect employees working near the automated equipment.
4. Cyber risks
   • A criminal attack, ineffective cloud security, IT security failure or the vulnerability of the IoT devices can all lead to a data breach if data held within the IoT systems is not properly secured. A hacker could halt production operations or steal the company’s Intellectual Property (IP) if it is stored within the devices or accessible through the hack.

Insuring your company’s safety

Cybersecurity insurance addresses cyberattacks from two angles—risk prevention and coverage should a loss occur. The insurance often promotes risk prevention by providing services and offering incentives to companies that strengthen their security. However, if an attack occurs, and for many companies, it’s not “if” but “when,” the insurance is designed to cover a multitude of losses.

While many insurance companies include cyber coverage within a package policy, it’s best to have it reviewed by a cyber insurance specialist as often times it offers minimum coverage. Given the pace that technology is changing, it is important to keep cybersecurity as part of the entire business operation discussion for greater operational efficiencies, safety advantages, and reduced costs.