RGB_insight_cyber target_fly-d-OLRXnzXFBjo-unsplash.jpg
RGB_MFG_Mike Schlagenhaufer.png

Schlagenhaufer

INSIGHT FROM ...

Mike Schlagenhaufer, Manufacturing Consultant, Acuity Insurance

Industry 4.0 is delivering tremendous benefit to manufacturers, but it also requires that manufacturers manage the ever-increasing risk of cybercrime, including through cyber insurance.

With Industry 4.0, the digitization and connection of operational technology (OT) equipment to manufacturing systems has become easier and more widespread. Industry 4.0 has enabled manufacturers to receive data in real time, which helps with quality control, product output, and the ability to see the actual condition of production machines. It provides true predictive maintenance capabilities to manufacturers, allowing them to determine when machines might fail and make a conscious choice to take preventative action or run machinery to failure or shutdown ahead of a failure.

OT is connected to production machinery by hardwiring, Bluetooth, or Wi-Fi to existing IT assets. This connectivity allows PLCs, machine operating controls and equipment sensors to talk to MES, ERP and CMM systems. It provides a real-time picture of the health of equipment, making it easier to “listen to the whisper of machines,” as they say.

But there’s a downside — connecting OT and IT systems has also opened an additional door for cyberattacks against manufacturers. These attacks can give a hacker unauthorized access to steal, manipulate, sell or hold hostage data.

To reduce the chance of unauthorized access to their systems, manufacturers should:

  • Build and connect systems with security in mind
  • Train employees on best practices of good cyber hygiene and provide ongoing refresher training
  • Monitor and validate control device integrity, looking for virtual or physical changes on an ongoing basis
  • Continually update security protocols and systems and limit access to the minimum required by each user
  • Back up all data and duplicate the most critical systems
  • Verify all third-party vendors and service personnel and ensure their equipment and tools are not infected with spyware or viruses before allowing access
  • Engage with a third-party subject matter expert if internal cyber capabilities are limited

The importance of cyber insurance

Risk identification, mitigation and management are best practices to defend against potential problems and limit the damage caused by potential unauthorized access. However, even the best prevention plans can be thwarted by a cybercriminal, so having cyber insurance in place should be part of every manufacturer’s risk management strategy. Because cyber insurance and coverages vary widely, it is important to understand what a particular policy covers so you can make an informed buying decision.

Cyber insurance can include both first- and third-party coverages. First-party coverages provide payment to you in the event you suffer a cyber loss. Some coverages available in the insurance marketplace include:

  • Cyber Extortion: Responds to an extortion threat when a cybercriminal gains control of systems and locks you out of them, demanding payment to release systems or data. This coverage helps to pay for investigation costs and approved payments for eliminating credible ransomware.
  • Computer Attack: Responds to a cyberattack that damages your data and systems. This coverage helps a manufacturer restore its systems and business data and pay for public relations services it may need.
  • Data Compromise Response: Provides resources to respond to a breach of personal information. It pays for forensic IT, breach notification, credit monitoring and legal expenses.
  • Misdirected Payment Fraud: Responds to a situation in which there was a wrongful money transfer by the business or its bank. It pays for direct financial loss resulting from criminal deception.

Third-party coverages provide protection in the event a suit is brought against your company due to a cyberattack. Some cyber liability coverages to consider include:

  • Network Security Liability: Provides defense and settlement costs in the event of a lawsuit alleging that a system security failure to one of your systems caused damage to a third party.
  • Data Compromise Liability: Provides defense and settlement costs in the event of a lawsuit brought forth because of a breach to a third party’s personal information.
43_insight from breakout.png

These descriptions are for illustrative purposes. In the event of a cyber loss, the specific coverage provided by a policy will apply.

Some insurance companies bundle first- and third-party coverages into a single, convenient product. For instance, Acuity’s Cyber Suite is a broad insurance solution designed to help businesses respond to a full range of cyber incidents. An independent insurance agent can help guide you to select the coverage that is right for your business.

As manufacturing machinery and equipment become more connected to the internet, it is important to manage the increased cyber risk. If you implement and maintain good cybersecurity and partner with a reputable cyber insurance provider, Industry 4.0 can be a key tool for you and your business to grow and succeed.

Mike Schlagenhaufer has more than 40 years of experience in manufacturing, starting with an apprenticeship in Germany and working his way through the manufacturing field before becoming Acuity’s manufacturing consultant.

Tags