In March, Norsk Hydro ASA, one of the world’s largest aluminium producers, experienced production outages after being hit with ransomware that affected the manufacturer’s operations in Europe and the United States. While Norsk Hydro has cyber insurance, according to reports from Bloomberg, manufacturers more broadly often have lacklustre cyber policies in place that don’t provide enough coverage, and the industry on the whole is the victim of the second highest number of cyberattacks, directly behind healthcare.
There are a number of reasons why manufacturers are at a disadvantage when it comes to cyber threats. Deloitte’s “Global Cyber Executive Briefing – Manufacturing” revealed that many manufacturing systems were developed during a time when security wasn’t as big of an issue, and the focus of the technology has mainly been on performance and safety, rather than security. Moreover, because these systems are so complex, the network infrastructures are extremely specialised, while at the same time, the systems are operated and managed by manufacturing specialists, and not IT personnel.
“The manufacturing experience is something that’s been focused on logistics and supply chains, and you’ve had robotics and other equipment that have driven the manufacturing process. This has changed where a lot of this equipment is now maintained, updated, and secured through the internet and through IP addresses, [but] historically, a manufacturing entity has not been focused on IT security as they’ve been focused on operational security or physical security,” said Shawn Ram, head of insurance for Coalition, which offers a suite of comprehensive insurance coverage and free cyber security tools.
When a cyberattack targets a manufacturer, there are several immediate and long-term consequences.
“The short-term impact is clearly business interruption – logistics and supply chain processes go down and you’re unable to produce product,” explained Ram. “The problem with manufacturing is oftentimes, manufacturers produce products that are going into other devices and other equipment months down the road. There’s a long tail for manufacturing, and so the longer-term impact is that you have suppliers and customers who are very upset, so there is reputational damage long-term.”
The cyber insurance space has only just started catching up to the risks facing manufacturers since the coverages primarily tended to focus on data breach and the loss of private information, like PHI or credit card numbers.
“The issue with cyber today is that cyberattacks go far beyond impacting privacy. They will impact things like bodily injury, property damage, pollution, and business interruption,” Ram said. “The cyber industry has not appropriately addressed some of these more tangible or operational-related risks.”
In response to manufacturers’ cyber risk, Coalition has unveiled coverage tailored specifically to these businesses that covers data exposure, as well as property damage, bodily harm, and pollution in the aftermath of a breach, while also providing preventative tools before and after incidents occur to mitigate damage.
“It’s very easy in our industry to solely focus on coverage, but this is a more complete solution,” commented Ram, adding, “We believe these tools actively prevent claims and actually improve the risk profile of an account.”