After healthcare, the manufacturing sector is the second-largest industry being targeted by cyber criminals. Moreover, as the industry undergoes a revolution with Industry 4.0 – leveraging the Internet of Things (IoT) and the benefits of digitization, connected machines and cloud services for productivity gains and cost efficiencies – greater cyber exposures loom.
In fact, a study conducted by Deloitte found that 40% of manufacturing firms have experienced a cyber attack in the past year with 38% of them incurring more than $1 million in total damages. Manufacturers not only are at risk of having their own information compromised, but they could also be liable for putting their customers at risk, too. In January 2017, the U.S. Food and Drug Administration warned Abbott Laboratories that hackers could manipulate its defibrillators and pacemakers. The FDA wrote in a letter that if the company didn’t immediately correct the violations, its actions could include “seizing, injunction and civil monetary penalties.”
According to Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI), top cyber concerns among manufacturers include: intellectual property theft; phishing, pharming, and other related variants; security breaches involving a third party; social engineering; employee errors and omissions; external financial fraud with regard to information systems; employee abuse of IT systems and information; mobile devices; and attacks exploiting mobile network vulnerabilities.
It’s important for manufacturing clients to understand that their General Liability and Property policies typically include exclusions for cyber risks, and they need a dedicated Cyber insurance policy to attain end-to-end protection. A Cyber policy can be designed to include coverage for both first-party losses – costs the company incurs directly as a result of a covered event – and third-party liability – defense and payment of claims against a manufacturer as a result of a covered event. Available first-party coverages include remediation of a cyber incident, regulatory fines and penalties (including associated defense costs), PCI fines and penalties, and business interruption caused by a covered cyber event. Available third-party coverage includes claims involving breach of privacy, misuse of personal data, defamation, or transmission of malicious content related to a covered cyber event.
RPS can assist you in securing Cyber insurance designed for manufacturers. Give us a call to discuss your client’s risk profile and how we can best address his/her cyber exposures.