The majority of modern manufacturing businesses have become increasingly reliant on electronic systems, commonly used in day-to-day administrative tasks, purchasing and supply chain processes and operation and maintenance of machinery.
With an increased reliance on these electronic systems comes an increased risk should those systems fail or be subject to attack.
As manufacturers continue to invest heavily in devices which can collect and exchange business data – the Internet of Things – security and the results of a breach are posing new and developing challenges.
Traditionally, business interruption insurance has covered loss of income related to the damage of physical materials, equipment or facilities. As such, cyber attacks would not usually have been covered as data is not a tangible object.
However as insurance coverage adapts to meet the changing business environment and the growth of the Internet of Things, cyber-related business interruption cover is becoming easier to obtain.
Insurers will want to see that businesses have sufficient continuity plans in place that can be implemented if and when their systems fail, reducing the risk that relatively minor attacks could become major problems. In order to protect themselves against frequent claims, policies are likely to include time limits after an attack before coverage kicks in.
In terms of making a claim and determining what is covered, there are many things for companies to consider.
An important issue to resolve is over third party failures, for example where cyber-related business interruption is the responsibility of a cloud-based service provider. This contingent business interruption can be covered, but only by certain insurers.
For business interruption coverage to be triggered, companies should be able to establish a direct link between the cyber attack, the business interruption and the resulting loss of revenue. Insurers may justifiably contest that some business losses, incurred following a cyber attack, are not actually a direct result of the breach. It should be fairly clear if an attack has directly brought down a system or altered data, causing a business to put operations on hold.
It is also important to discuss with your broker whether your policy will cover you if a security breach becomes public knowledge and customers are driven away as a result, causing you loss of revenue.
This is where business continuity planning becomes paramount. If you are unlikely to receive any financial compensation for loss of customers or damage to your brand, planning ahead can identify other measures of protecting yourself in these respects.
It is important that your broker helps you design a policy which properly reflects your situation and the risks your business faces. Should an attack happen, open and honest dialogue with your broker and your insurer will help a proper resolution be reached quickly, so that your business can continue trading with minimal disruption to you and your customers.
01923 211 290