Cyber security: Beware of the wild robot

Insurance policies that cover cyber-security-related issues are something new to the marketplace, but should be highly considered because of the rising occurrence of attacks and the damage that can be done by these attacks.

By Luke Foley, Steve Phillabaum June 18, 2015

Risk management in the manufacturing and engineering industries should be an ongoing conversation, rather than an annual presentation. Business, society, and culture require that technology play an important part in our life. Direct focus on cyber security challenges should be paramount for companies.

Cyber security is the biggest risk to technology operations, while product design and innovation is the largest risk to a business over the next several years. Rather than having a board or audit committee be responsible, risk management is better served by a dedicated staff and/or committee. This will ensure that the right people can address and protect the company where exposure exists, whether it’s because of years of experience in the industry or having the ability to understand a company’s operation. Better yet, a broker with industry experience can really save you time and headaches, because he or she will understand operational exposures.

Cyber security insurance

Cyber liability coverage is oftentimes misunderstood. People believe coverage is only available for electronic data protection or losses involving computers and networks. But this is not the case. Cyber liability coverage also protects paper files containing protected information, such as employee records and medical files. Also, executive officers would be happy to know that cyber liability coverage includes business interruption insurance for loss of income and operating expenses arising out of a network breach exposing personal information. The risk is real—especially since one company alone can provide all of the controls, project management, engineering, design, and network efforts. Partnerships, where many industry experts come together, are a requirement.

Cyber liability coverage may not be a common purchase for companies today; however, over the next several years we expect cyber liability to become the norm. The world is trending toward mobile devices and away from stationary machines. Warehouses are being updated with miles of conveyors, controls, and control software. No one company can do it all, and as a result, risk compounds exponentially. Contractors hire subcontractors for each main function of the systems. New employees, varying in skill level and job function, must be hired but with different access to systems throughout a manufacturing plant, warehouse, or distribution center. These subtle differences require varying access levels within a company network and if not managed properly can pose significant openings for data theft.

Think about how phones connect to machines like cars, home security, and audio systems. Many companies are doing the same with handheld devices and machinery in manufacturing, distributing, and conveying operations. Because we want information, we create a need for information. This trending need exposes personal information on social media by allowing companies to see what we like or don’t like. We become more predictable and in turn make company exposures more predictable. We want things to happen at the click of a button, and we want immediate technological gratification. To get instantaneous responses, companies and people sacrifice personal information and sometimes procedures. Cyber liability coverage will develop over time to account for advancing technology risk concerns.

Everything in today’s world requires speed and accuracy. It’s what we feel is needed to function. Yes, automation makes things faster and easier. However, since so many vendors are needed to create an automated warehouse or controlled distribution center, each one of them brings their risk of access to information. Many times, in order to support the information being available immediately, 24/7 support includes a virtual private network (VPN) connection. This type of always-on support creates new avenues to breach a system and gain information.

Best practices to better protect business

With all of the potential risks that come along with interconnected technologies, what steps can you take to better protect your information? While there is no way to absolutely prevent a cyber attack, below are a few best practices to help better protect your business.

1. Vet subcontractors

Prior to working with subcontractors, make sure you thoroughly vet them first. Require them to perform certain activities for a system ahead of time and make sure they tell you exactly when they’re going to do it. You should also incorporate clear language in your subcontractor contracts regarding indemnification terms. This will ensure that the company is protected in case something adverse occurs. 

2. Broaden coverage

It can be very easy to assume that you’re covered if something should go wrong, but there’s only one way to know for certain. Make sure your policy language is broadened to pay for credit monitoring for affected individuals. Company policies should also be written so they cover any public relations expenses incurred as a result of any crisis communications services you need to mitigate reputational harm.

3. Have an emergency plan

The time for planning is before a crisis occurs, not afterward. Therefore, having an emergency response plan in place is critical. If this is your first time creating one, you don’t have to do it alone. Loop in your broker, your legal team, your head of communications, and any other stakeholders who can provide you with insight into what needs to be accounted for should a cyber-crisis occur.

The cyber risks associated with interconnected technologies are a reality of modern business operations, and they aren’t going away anytime soon. However, this doesn’t mean you’re helpless. By vetting your subcontractors, making sure you have the right insurance policies in place, and creating a comprehensive emergency plan, you’ll keep the wild robot at bay.

– Luke Foley and Steve Phillabaum are producers for The Graham Co.; edited by Eric R. Eissler, editor-in-chief, Oil & Gas Engineering, eeissler@cfemedia.com.

Key concepts

  • A cyber security breach is not "if" but "when."
  • Protect yourself and your company by having a cyber security plan.
  • Get covered! Review insurance policies that cover cyber incidences.

Consider this

Cyber security insurance is an emerging industry. Being insured against cyber attacks may help companies save money on PR issues that arise in the aftermath of the attack.

ONLINE extra

See related stories on robotics below.