The insurance industry is seeing a rise in claims from manufacturers who are being specifically targeted by cyber criminals.
Before we get into the details of the growing threat to manufacturers, let’s look at the overall costs to global and UK business.
Cyber security for business
According to SonicWall, 2021 was the most costly and dangerous year on record with nearly 500 million attempted ransomware attacks (to September 2021) and anticipates that the true number is closer to 714 million attempts by the end of 2021. This is a 134% surge compared to the same period last year.
The UK Government’s Cyber Security Breaches Survey 2021 issues some frightening statistics. In short, the survey reports that ‘Four in ten businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (65%), large businesses (64%) and high-income charities (51%)’.
A quarter of these businesses experience an attack at least once a week, with phishing attacks being the most common at around 80% of all attacks. One in five will lose money, data or other assets. Only 3 in 10 businesses have a business continuity plan that covers cyber security. Only a quarter of businesses have cyber security policies that cover home working.
It is now more important than ever for a business to have a contingency plan, and cyber insurance. This means that, if your organisation experiences an IT failure or a cyber-attack that disrupts your business operations, your insurer may cover your loss of income during the disruption and provide additional cover in the aftermath. Every policy is based on business requirements, so it is important to work with a broker to really understand what is, and isn’t covered, and how to minimise your risk to exposure in the first place. A business is responsible for how it implements its own cybersecurity, so the responsibly cannot be shifted solely to an insurer without taking extra precautions to begin with.
For the manufacturing industry it’s not just an increase in frequency, but severity too that has led to an increase in industry-specific losses and insurance premiums. The sector faces an increasing threat of ransomware attacks and can be seen as a lucrative target by cyber criminals. For some organisations, how digital files are stored can heighten the risk and leave a manufacturing facility largely exposed to ransomware threats.
While it cannot prevent a breach, cyber insurance is designed to cover your organisation if it is infected by ransomware or malicious software that attempts to seize control of and withhold access to your operational or personal data until a fee is paid. Forensic support provides your organisation with near immediate 24/7 support from cyber specialists following a hack or data breach.
If your organisations digital assets are lost, corrupted, or altered in any way by a cyber-attack, your cyber insurance policy may cover the costs to restore and rectify the data.
Other losses that Cyber policies may respond to are theft of funds, extortion, corporate identity theft and telephone hacking. One area of concern for manufacturers is the reliance on machinery such as CNC machines that are operated remotely. Downtime from a cyber-attack could affect productivity and lead to a loss of revenue. This would not be covered under a traditional policy, but a cyber policy could provide necessary cover.
Whilst insurance premiums are on the rise because of the increase in the perceived threat of Cyber, there are some additional risk measures that businesses and manufacturers can take to protect themselves and secure cover at a comparably lower price:
- Multifactor authentication – is an electronic authentication method in which a user is granted access to an online system or file only after completing at least two evidence-digital mechanisms.
- Offline back-ups – a feature or process whereby files that a user wants to back up online is first backed up offline.
- Enhanced employee training for phishing and similar attacks – ensuring that all employees are aware of the threat, what the consequences are and are fully supported with the relevant training and scenarios.
- Email filtering – this is the processing of e mails according to pre-defined criteria and is normally an automated process at an SMTP server that applies anti-spam techniques. Filtering can be applied to incoming emails as well as to outgoing ones.
An in-depth risk health check can identify some of these risks, and a good insurance broker will have access to a wider variety of insurance markets that specialise in the manufacturing industry and be able to create a bespoke package for manufacturers with protection against the threat cyber poses as one of the covers. Embracing risk assessment and risk management now can build resilience for the future and keep British manufacturing safe from the cyber threat.