Recently, there’s been an overwhelming trend of cyber-attacks dismantling company data and with it, public opinion of that company. Food manufacturers are constantly exposed to cyber-attacks and in unique ways. For example, have you ever thought about ransom? No, not the kind in high profile movies and crime shows where a person is held for ransom. Cyber security experts at the FBI recently warned that ransomware attacks may be on the rise. This type of malware actually encrypts your data, then demands that you pay a fee in order to access it.
Think that sounds too high profile for your industry and businesses alike? Think again. A mid-size pallet recycling company with four plant sites and 300 employees had standard information stored on their intranet including engineering diagrams, payroll, account data and business documents. Typical firewall security was in place. However, when the company’s owner was working remotely, he opened an email from what was seemingly a familiar address. Within a few seconds the system slowed down and the owner received a message that if he wanted access to the computer, he needed to pay ransom. All of the data on the computer was already corrupted causing several production delays.
So when a cyber-attack like this happens, who’s actually paying for all the protection, personal data monitoring, forensic investigation and network equipment replacement? Traditionally, it’s been the companies impacted, and if covered, insurance carriers.,In the case above, the company did not have insurance to cover the event.
Unfortunately, the recycling company mentioned above is not alone. A staggering 43 percent of U.S. companies have experienced a data breach in the last year according to the Ponemon Institute. Despite the rise in breaches, 27 percent of companies didn't have a data breach response plan or team in place.
Could you stall production in the event that data was lost, stolen or held ransom? Do you have employee’s personal information stored on a company network? What about vendors’ information, or ,manufacturing plans and processes? Do multiple people have access to your network? Do you have the capital to pay for lost production, post-event monitoring and/or litigation? Exposures are everywhere, which is why it’s important to explore an inexpensive, but important, coverage – Cyber insurance.
5 Guidelines for Purchasing Cyber Insurance
Cyber insurance coverage is a relative newcomer to the insurance market. This can present some challenges for both businesses and insurers. To date, there are no official industry standards for cyber insurance, but there have been major strides in recent years to establish some. Here are a few key considerations for purchasing this coverage:
- Understand the coverage that you have, and the coverage that you don’t.
Many food manufacturers might assume that a commercial general liability (CGL) policy covers losses in the event of a cyber-attack. However, assumptions like that can be dangerous and costly, as many CGL policies specifically exclude electronic data. Take the time to review your current coverage and work with your insurance broker to identify any exclusions that might leave you vulnerable. - Understand your company’s specific needs.
Different policies have different limits, sublimits and exclusions for different kinds of losses, so it’s important to work with an expert who can find exactly where your liabilities lie and what kinds of coverage you need. - Get Retroactive Coverage
Most cyber insurance policies limit coverage to breaches that occur after a definite “retroactive date.” This could mean there may be no coverage provided for claims made due to breaches that occurred before the policy period, even if the insured didn’t know about the breach when it bought the policy. Because breaches may go unknown for some time before claims are made, you should always ask for a retroactive date that is earlier than the launch date. This will guarantee the coverage includes unidentified breaches that occurred before the plan incepted but initially give rise to a claim after it did. - Be Aware of Broadly Worded Exclusions,
It is not unusual to find cyber protection provisions that oppose the basic purpose in buying the coverage. Some policies broadly reject coverage for any liability arising from a breach of contract. - Obtain Coverage for Vendor Acts and Omission,
Odds are that at least a portion of your company’s data processing and storage is outsourced to a third-party vendor. Therefore, it is important your cyber insurance policy cover claims that result from breaches caused by your data controlling vendors.
There are a few other procedures for protecting your manufacturing business from cyber-attacks and purchasing the right amount of coverage, including the use of indemnity contracts. Ensure your company is protected from diverse cyber exposures by consulting appropriate insurance and legal counselors.
About the author
Tammy Incapreo is a Vice President at Assurance with over 13 years of experience as a commercial Property & Casualty broker and direct writer. She’s an expert on the manufacturing industry and takes a partnership approach with clients to reduce their total cost of risk. Tammy graduated from the University of Illinois – Chicago with a Bachelor’s degree in Business and holds an Associate in Risk Management designation.