How a smart insurance policy minimises cyber risk

The appetite for automating processes continues to grow as manufacturers search for greater efficiency. The International Federation of Robotics estimates another 1.7 million industrial robots will have been installed in factories worldwide by 2020.

While there are obvious cost and productivity benefits, it also increases risk. The security of manufacturing operations is no longer a periphery problem for the technology department to worry about – it’s a topic of boardroom conversation.

Mutual insurance company, FM Global, advises members to take a three-pronged approach to minimising the risk of cyberattacks on the factory floor. They should consider:

  • Digital and physical links – Data corruption can be devastating to your business, especially if it causes intellectual property loss. While the threat of hackers is real, this corruption could also be caused by unauthorised physical access to your data centre or connection via an unsecure company data point.
  • Information security – Ensuring you have control of physical access to your data systems is the first step. Controlling digital access to your data systems is next.
  • Industrial control systems – Effectively restricting access to the systems that control your manufacturing process will mitigate the prospects of unauthorised access, avoiding unplanned disruptions.

An issue of global significance

FM Global is currently in the process of hiring up to 10 high-level security professionals with backgrounds in organisations like the US National Security Agency (NSA) and Federal Bureau of Investigation (FBI). They will be located strategically around the world with the closest based in Singapore or Melbourne.

Lyndon Broad, operations manager for FM Global in Australia, says the insurance industry has taken a fragmented approach to cybersecurity, with businesses typically purchasing an individual form of cyber-specific malware insurance protection.

“If there’s a virus or malicious code introduced into a client’s location, it damages the software and the data,” he says. “That’s insured under the FM Global policy because we consider software to be property.

“However, the consequences of an attack can also go on to disrupt the manufacturing process. For example, by introducing a virus into a CNC machine, it’s unable to perform its’ manufacturing role.”

It’s very unusual for a first-party property policy to consider software as property and for it to cover the business impact that results from cyberattack.

Large manufacturing organisations already understand these exposures. They employ risk managers and realise that cybersecurity is now an issue on the boardroom agenda.

Smaller manufacturers are less likely to have these specialist risk management skills in-house and are less aware of the potential impact. But that’s changing thanks to high-profile news stories.

In June 2017, German drug and vaccine manufacturer Merck suffered a worldwide disruption to its operations as a result of an international cyberattack, halting production. This was a horror story that manufacturers large and small could relate to.

FM Global urges its clients to carefully consider the protection of sensitive business information – whether it’s intellectual property or customer details – when developing risk management strategies and insuring against potential losses.

With the growing interconnectivity of global business, there will be no hiding places for manufacturers, whether they’re based in Australia or overseas.

“As the manufacturing industry’s insurer, this means that our role around cybersecurity has become one of global significance,” Broad says.

To download FM Global’s industry whitepaper, click here.