Do Manufacturers Need Cyber Insurance?
Although ALL industries are at risk of cyber attacks now more than ever, did you know that manufacturers make the top 5 list of industries being targeted the most by cyber criminals according to Forbes?
That’s because digital systems such as IoT, shop floor controllers, and monitoring platforms have enabled the interoperability of different teams in the manufacturing industry to streamline processes.
Unfortunately, this convenience has also drawn the attention of cybercriminals for data theft or ransom demands capable of disrupting operations on a massive scale with global repercussions.
Here are five notable [and extremely costly] cyber risk exposures manufacturers face:
- Extortion: An organization’s security is only as strong as the judgment of its employees. All it takes is one employee clicking on what appears to be an innocent link, but it is actually malware, for all of the company’s data to be encrypted within seconds. A hacker will then contact the organization asking for a “ransom” ranging from a few thousand dollars to millions to decrypt the files.
- Forensic and Notification Costs: Should there be a cyber attack, the Manufacturer will need to engage a forensic investigator ($250-$500/hr) to determine the scope of the attack and if any sensitive data such as employee records or confidential corporate information was breached.
- System Damage: Manufacturers rely heavily on their computer systems to properly fill orders. Damage to a manufacturer’s computer system could be devastating and lead to defective products or a complete halt in production.
- Business Interruption: Manufacturers will experience a direct financial loss every hour that their systems are down. They will incur unexpected additional costs such as sourcing products by alternative means and paying staff overtime to meet deadlines.
- Social Engineering: Believe it or not, Cyber Crime (aka Social Engineering) is one of the most frequent claims in cyber insurance to date. Cybercriminals will trick financially responsible employees of the manufacturer to send money to a fraudulent bank account. Hackers have become patent and will open sit in the system undetected monitoring and intercepting email activity before executing their scam. Their tactics range from posing as the CEO, a vendor, or a client to simply creating fake employee profiles in the payroll system to siphon money out.
There are simple and effective measures that manufacturing businesses can put in place to be better prepared for emerging cybersecurity threats. These include having a formal incident response plan, effective backup strategy and testing, multi-factor authentication (MFA), Data Retention Policies, and endpoint Detection and Response (EDR) to name a few.
I won’t go into the weeds with technical IT details. That’s for the IT professionals to decide such as your in-house IT team, managed IT provider, or cyber security consultants to help develop. I suggest having your IT provider work in union with a quality cyber insurance policy so that you are prepared in the event of a data breach.
I work with some quality IT professionals and cyber security companies that I can recommend if you need help with this. Just reach out and ask if you need it.
Remember, there’s a reason why manufacturers make the top 5 list of industries being targeted the most by cybercriminals. You don’t just need to hold personally identifiable information to have a cyber exposure. The world is basically run on the cloud now and there’s no hiding from the cyber risk exposures prevalent in today’s technology-driven world.
Credit: Evolve MGA
3 Most Costly Types of Cyber Insurance Claims
A good cyber insurance policy starts with two core coverage components. These are:
- Data Breach coverage
- Cyber Liability coverage
Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.
Data Breach insurance coverage can help pay the [expensive] costs for such things as:
- Notifying affected customers, patients, or employees;
- Hiring a public relations firm for damage control;
- Offering ongoing credit monitoring services to data breach victims;
- Business income coverage to help replace lost income if you can’t run your business because of a data breach;
- Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.
Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:
Theft of funds
This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.
Theft of data
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think
Damage to digital assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.
So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.
Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.
No two carrier policies are the same and cyber insurance is absolutely not one size fits all!
Is the Cyber Insurance Market Stabilizing?
I just wrapped up a sizable Cyber insurance policy renewal and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.
The cyber insurance market has been in a hard market for the past several years.
This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.
The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.
This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.
I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.
The cyber insurance market is a lot like the mortgage industry prior to 2008.
Up until a few years ago, you could buy cyber insurance by providing very little information and carriers practically gave away quotes. And not very expensive ones relative to the risk.
Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.
Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.
Underwriters won’t even think twice about insuring a business if these types of measures are not in place.
Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.
Let’s hope the cyber insurance market continues trending in this direction.
Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.
-JK
My Interview with Candy Messer on The Different Types of Insurance To Protect Your Business
Thank you to Candy Messer from Affordable Bookkeeping and Payroll Services for interviewing me on the topic of “The Different Types of Insurance To Protect Your Business” Some of the key items we discussed are:
- Tailoring Insurance Coverage for each unique business
- Commercial General Liability Insurance
- Workers Compensation Insurance
- Errors & Omissions (Professional Liability) Insurance
- Do home based businesses need a business insurance policy?
- Is business insurance required by law?
- Insurance for contractual requirements and lease agreements
- Employment Practices Liability Insurance
- The difference between Commercial General Liability and Errors & Omissions Insurance
- Cyber Liability / Data Breach Insurance
- How much does business insurance cost?
- Ways you can keep your insurance costs down
- Negotiating premiums with Carrier underwriters
Check out our interview together here:
Thanks for watching
-JK
Radio Interview: The Different Types of Insurance To Protect Your Business
I hope you’ll catch my radio interview hosted by Candy Messer of Affordable Bookkeeping & Payroll. We discuss all things Business Insurance and Risk Management. From General Liability for a home based business to Cyber Liability and Employment Practices Liability for small to middle market companies. You can catch our interview HERE. Also, link included below.
Topics include: General Liability Insurance, Errors & Omissions Insurance, Cyber Liability Insurance, Businssowners Insurance policies, Employment Practices Liability, Workers Compensation, Risk Management.
-JK
Insurance for Accountants, CPA’s and Bookkeepers
Accountants, CPA’s, Bookkeepers, Tax Preparers, and other financial services professionals work with a lot of sensitive, personal financial information which can expose them to high levels of risk. And that’s in addition to the every day risks they face – like damage to their place of business or business-related records, etc.
The Hartford is a great insurance carrier for Accountants, CPA’s & Bookkeepers and other financial professionals. They offer a product which bundles General Liability, Professional Liability (Errors & Omissions), Data Breach, Property, and Business Income into a single package policy at a really reasonable price.
Whether you’re a sole practitioner, or partner at a large accounting firm, you should consider The Hartford for your business insurance if you don’t have a policy with them already.
Contact me if you would like to see what The Hartford can offer. I am an appointed broker who can help you out with a quote for this.
-JK
Hackers Are Shutting Down Factories
A growing number of cyber criminals are targeting factories for ransom, knowing that the industry’s time-sensitive nature puts pressure on companies to pay up. “if we don’t make our product in time, that means Toyota doesn’t make their product in time, which means they don’t have a car to sell on the lot that next day. It’s that tight,” says John Peterson, AW North Carolina’s IT manager. The factory was hit with malware last year, with the potential to lose $270,000 in revenue, plus employee wages, for every hour it was out of commission.
Source: LinkedIn
Manufacturers: do you carry Cyber Liability / Data Breach insurance? Cyber extortion coverage protects your business against losses caused by ransomware and other types of cyber extortion. Many cyber liability policies cover three types of costs.
-JK
Ransomware Victims Have Paid Out More Than $25 Million in Past Two Years
Ransomware victims have paid out more than $25 million in the past two years, according to a new study by Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering. The study reviewed 34 separate families and discovered that a particularly harmful strain, Locky, received more than $7 million in payments. Ransomware, which infects and locks a system until payment has been received, has become “an almost unavoidable threat” over the past few years. It’s shown to be popular amongst cybercriminals, who often demand payment in the form of bitcoin. Two ransomware attacks made earlier this year by WannaCry and NotPetya had been “deemed destructive in nature,” Forbes writes, but only received $140,000 and $10,000, respectively.
A viable solution to this sort of threat? A good Cyber Liability insurance policy will pay extortion expenses and extortion monies as a direct result of a credible cyber extortion threat. This is only one of the many areas a Cyber Liability insurance policy can help.
Cyber insurance can be essential in helping your company recover after a data breach, with costs that can include business disruption, revenue loss, equipment damages, legal fees, public relations expenses, forensic analysis and costs associated with legally mandated notifications. A lesser-known benefit of cyber insurance is the role it can play in protecting your company long before a breach occurs.
#RansomwarePayout #CyberLiability
-JK
Be Careful of Those ATM Card Skimmers
Are you like me where you get paranoid using public ATM’s and paying for gas with your card at the pump? I am sketched out about ATM / credit card skimmers that scammer’s place on public machines to trace your personal information. I stumbled across this video on Facebook. This is in Europe, but it doesn’t matter, this can happen anywhere. Be vigilant my friends!
-JK
Educate Your Employees During National Cyber Security Awareness Month
This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.
Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:
- Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
- Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
- Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.
Those wishing to participate in this year’s activities can find a number of resources available online, or contact me for further cyber security materials.
-JK
About Me
I grew up in Fullerton, CA and graduated from Servite High School in Anaheim. I have my Bachelors degree from Loyola Marymount University in Los Angeles. I currently live in Tustin, CA.
Please contact me if you need help with any of the following lines of insurance for your business:
-Cyber / Data Breach
-Commercial Property
-Commercial General Liability
-Products Liability
-Workers Compensation
-Commercial Auto
-Umbrella/Excess Liability
-Errors & Omissions/ Professional Liability
-Employment Practices Liability
-Directors & Officers
-Life & Disability Insurance
Jimmy Kinmartin, CPCU 