Plugging the Cyber Gap
and cyber coverage
seamlessly is an area
of increased focus for
risk managers and
By Alex Wright
Manufacturing and logistics companies are living in constant fear of the next big cyber event. Advancements in smart technology and interconnectivity in the manufacturing and supply chain process only heighten cyber risk. This has had the unintended consequence of leaving companies
more vulnerable to cyber attacks than ever, as evidenced by the recent spate of
NotPetya and WannaCry attacks that devastated many businesses last year. Once
hackers get hold of the relevant codes, they can shut down entire manufacturing
processes and supply chains, causing untold damage and costing companies
billions in lost revenue.
As a result, demand for cyber coverage has spiked over the last year. However,
given the relatively new nature of cyber as a risk, there’s less historical data
available, making coverage harder to find.
Added to that, as an admitted risk, property coverage is regulated on a state-by-state basis. But because cyber risk is non-admitted, bolting it on to an existing
property program, particularly for a company operating in multiple states, can be
problematic because of the different way the two types of cover are regulated.
An even deeper-lying issue: Many companies don’t understand what coverage
they have and whether they will be covered for a cyber event that causes property
damage or business interruption. This was tested by last year’s NotPetya cyber
attack on Merck & Co, which disrupted production of its medicines and vaccines
on a mass scale. The company has yet to quantify its total losses.
“We have seen a definite increase in the inclusion of non-physical business
interruption coverage within manufacturers’ property policies,” said Tracie Grella,
global head of cyber insurance, AIG.
“Since property policies provide coverage for business interruption caused
by physical loss, it is only logical to want to extend coverage within the property
policy to include business interruption caused by a cyber attack, rather than by
having a standalone cyber product.”
Emy Donovan, global head of cyber and tech PI, Allianz Global Corporate
& Specialty, said cyber threat increased as a result of manufacturing companies
connecting more of their processes to the internet. Added to that, there has been
a move toward smarter processes, which, when they go wrong, can leave the
company exposed to even wider business interruption (BI) problems, she said.
“Now companies have got the internet of things devices within their
production facilities and rely on connected functionalities for critical operations,”
she said. “Additionally, we all used to have manual work-arounds for processes that
were somewhat connected.
“But now we have all dismantled those work-arounds in favor of ‘smart’
processes. That means that if something ‘smart’ breaks, there’s no other way to
complete the task, so the BI loss gets worse.”
The problem has been exacerbated because companies rely so heavily on these
interconnected systems to run their day-to-day business, leaving them susceptible
to malware and ransomware attacks, said Graeme Newman, chief innovation
officer, CFC Underwriting. But this has at least caused risk managers and
companies to sit up and take notice of
“Following the surge in ransomware
and destructive malware that we
witnessed in 2017, the awareness of
cyber risk among more traditional
industries has risen,” he said.
“For them, the exposure is more
akin to the risks covered under their
property policies, hence why they have
turned to these to look for cover.”
• Using the same underwriter for
property and cyber is advisable.
• The IOT is increasing cyber risk
• Property is an admitted risk;
cyber an unadmitted risk.
“Following the surge in
ransomware and destructive
malware that we witnessed in
2017, the awareness of cyber
risk among more traditional
industries has risen.”
— Graeme Newman, chief innovation officer, CFC
Bolting cyber coverage onto property coverage is a challenging task for manufacturers and others.