Cyber Security in Manufacturing & Engineering: How to Manufacture the Best Strategy for Your Company
October 6, 2015
The common movie theme where a wild robot wreaks havoc on an unsuspecting human populace (i.e., Terminator) has not happened yet (at least not that we are aware of); nor have people starting using metal maids on a mass scale like Rosie from the Jetson family. That being said, cyber liability exposure is a growing risk, and sometimes a multi-million dollar concern depending on a company’s operation. For manufacturing, engineering and distribution companies, cyber liability is or should be one of the first coverages to consider reviewing. If you don’t think your company’s firewall can be breached, think again.
Risk management in the manufacturing and engineering industries should be an ongoing conversation, rather than an annual presentation. Societal advancements, culture and the way we live our lives requires that technology play an important part in a company’s risk management process. Direct focus on risk assessment and consideration should run through the whole organization.
Understanding Cyber Security & Liability Coverage
Cyber security is perhaps the biggest risk to technology operations, while product design and innovation is the largest risk to a business over the next several years. Rather than having a board or audit committee being responsible, risk management is better served by a dedicated staff and/or committee. This will ensure that the right people will be able to address and protect the company where exposure exists, whether it’s because of years of experience in the industry or having the ability to understand a company’s operation. Better yet, a broker with industry experience can really save you time and headaches, because he or she will understand operational exposures.
Cyber liability coverage is oftentimes misunderstood. People believe coverage is only available for electronic data protection or losses involving computers and networks. But this is not the case. Cyber liability coverage also protects paper files containing protected information, such as employee records and medical files. While cyber liability coverage may not be a common purchase for companies today, in the next several years we expect it to become the norm.
The world is trending toward mobile devices and away from stationary machines. Warehouses are being updated with miles of conveyors, controls and control software. No one company can do it all, and as a result the risk compounds upon itself exponentially. Contractors hire sub-contractors for each main function of the systems. New employees must be hired, varying in skill level and job function, but with different access to systems throughout a manufacturing plant, warehouse or distribution center.
Think about how our phones connect to machines like our cars, home security and audio systems. Many companies are doing the same with handheld devices and machinery in manufacturing, distributing and conveying operations. Because we want information, we create a need for information. This trending need exposes personal information on social media by allowing companies to see what we like or don’t like. We become more predictable and in turn make company exposures more predictable. We want things to happen at the click of a button, and we want immediate technological gratification. To get instantaneous responses, companies and people sacrifice personal information and sometimes procedures. Cyber liability coverage will develop over time to account for advancing technology risk concerns.
Everything in today’s world requires speed and accuracy. It’s what we feel is needed to function. Yes, automation makes things faster and easier. However, since so many vendors are needed to create an automated warehouse or controlled distribution center, each one of them brings their risk of access to information. Many times, in order to support the information being available immediately, 24/7 support includes a Virtual Private Network (VPN connection). This type of always-on support creates new avenues to breach a system and gain information.
With all of the potential risks that come along with interconnected technologies, what steps can you take to better protect your information?
Cyber Security Best Practices for Manufacturing & Engineering Industries
Vet Your Sub-Contractors
Prior to working with a subcontractor, make sure you thoroughly vet them first. Require them to perform certain activities for a system ahead of time and make sure they tell you exactly when they’re going to do it. You should also incorporate clear language in your sub-contractor contracts regarding indemnification terms. This will ensure that you’re protected should things go South.
Broaden Your Coverage
It can be very easy to assume that you’re covered if something should go wrong, but there’s only one way to know for certain. Make sure your policy language is broadened to pay for credit monitoring for affected individuals. Your policies should also be written so they cover any public relations expenses you incur as a result of any crisis communications services you need to mitigate reputational harm.
Have an Emergency Plan
The time for planning is before a crisis occurs, not afterward. Therefore, having an emergency response plan in place is critical. If this is your first time creating one, you don’t have to do it alone. Loop in your broker, your legal team, your head of communications, and any other stakeholders who can provide you with insight into what needs to be accounted for should a cyber-crisis occur.
The cyber risks associated with interconnected technologies are a reality of modern-day business operations and they aren’t going away anytime soon. However, this doesn’t mean you’re helpless. By vetting your subcontractors, making sure you have the right insurance policies in place and creating a comprehensive emergency plan, you’ll keep the wild robot at bay.
Philadelphia, PA, 19102