Mike Thoma, VP Chief Underwriting Officer – Global Technology at Travelers, talks with Manufacturing Business Technology about the cyber and intellectual property risks of 3D printing technologies that manufacturers should consider for smooth operations and the production of reliable goods.
Manufacturing Business Technology: Can you provide an overview of how manufacturers are integrating 3D printing into their daily operations and the advantages they enjoy from doing so?
Mike Thoma: 3D printing, also known as additive manufacturing, is changing the way physical goods are developed, produced and distributed across all industries. Products that took weeks and months to design, prototype and manufacture now take a matter of minutes, with manufacturers enjoying a shorter time to market and lower cost base. Combined, these elements offer a significant advantage over competitors using traditional manufacturing methods.
Manufacturing Business Technology: Do you see 3D printing adoption becoming more widespread in manufacturing? How else might the 3D printing market evolve in the near future?
Mike Thoma: While market size estimates vary, they uniformly indicate a large and growing market. Wohlers Associates, a technical and strategic consulting firm to the 3D printing industry, estimated a $4.5 billion global market for 3D printing hardware, supplies and services in 2014 that could grow to $17.2 billion by 2020. For certain applications, McKinsey Global Institute projects that 3D printing could have an annual economic impact of $550 billion by 2025.
The continued adoption of 3D printing within manufacturing is being fueled in part by emerging 3D printing technologies such as:
- Stereolithography (SLA), the use of photopolymers, a type of liquid plastic that hardens when exposed to UV light, to manufacture layered products after a 3D printer reads the appointed design file.
- Fused Deposition Modeling (FDM), the use of extrusion, an industrial technique in which melted plastic is forced into a die to shape it into a continuous thread or filament, after which the machine cuts it to the desired length. Unlike SLA, FDM doesn’t require UV light and is more affordable.
- Selective Laser Sintering (SLS), the forming of objects from tiny particles of glass, nylon and even food-grade ceramic material using atomic fusion. The printer traces a cross-section of the desired object, heats the powder to just below boiling point to form a solid and allows each layer to cool.
- Inkjet Bioprinting, the blending of living cells into a 3D printer input called bio-ink for healthcare products. The printer reads customized, patient-specific CAD files to produce living human tissue in the patient’s exact required dimensions and increasing the odds of a successful implantation.
Manufacturing Business Technology: What are the cyber and property risks associated with 3D printing that manufacturers should consider?
Mike Thoma: As 3D printing technology continues to advance, so too do the inherent risks that global supply chain participants should act to minimize. If a 3D printed part or food causes injury or illness, it can result in a financially devastating lawsuit.
The four main risk categories for 3D printing include:
- Property Damage Risk: Physical damage to, or lost use of, tangible property caused by a non-owner. If a 3D printed object causes property damage due to a defect or a failure to function as intended, a lawsuit could result with parties involved in the product’s manufacturing or distribution chain potentially finding themselves named as a defendant.
- Bodily Injury Risk: Claims experts are confident that liability for bodily injuries via 3D printed objects can fall upon three possible parties: the product designer, the manufacturer who printed the product or the raw material supplier. Defective design, manufacturing or marketing are among elements that could form the basis of a liability lawsuit.
- Technology Errors and Omissions Risk: A company can be held liable for economic losses resulting from the failure of a printed product to work as intended, due to error, omission or negligent act. High-profile product failures can destroy a customer’s business continuity and even damage a company’s reputation.
- Cyber and Intellectual Property Risk: Industry experts classify cyber risk as the potential financial loss, reputational damage or business interruption due to improperly secured data held within information systems. It can occur as the result of a cyber criminal’s attack, ineffective IT department policy, IT security software failure, or even damage from disgruntled employees. Any 3D printed product must be designed using CAD software, which produces files that may contain proprietary information. If those files are lost or stolen, it can spell disaster.
Manufacturing Business Technology: What safeguards can manufacturing owners establish when developing a risk mitigation program for the use of 3D printing?
Mike Thoma: Manufacturers of 3D printed items must prepare for all possible outcomes of a user’s experience with their products, including class action or mass tort lawsuits due to bodily injury or property damage risks. Direct and reputational costs from product liability events can cripple companies, sometimes endangering their very existence. Companies should consider safeguards such as those below to help minimize exposure to property damage and bodily injury risk:
- Conduct robust hazard analysis: Methods such as fault tree analysis (FTA), failure mode and effects analysis (FMEA), and hazard and operability analysis (HAZOP) can help 3D printer and product manufacturers assess potential device hazards at different points in the 3D printing development and commercialization processes.
- Conduct routine design reviews: Firms involved in 3D printing should assess the frequency and severity of all identified potential hazards their devices could cause. All firms in the 3D printing chain should prioritize eliminating high-severity hazards such as firearms, toys and critical parts for automotive, rail or aerospace.
- Build in cybersecurity: As metals become more widely used as input materials, 3D printers will become a more popular method for producing electronic data components for industrial, household and medical applications. Where appropriate, manufacturers and product designers should provide locking mechanisms on devices and communication ports to prevent tampering, as well as issue a warning when a device’s cybersecurity is compromised.
- Conduct extensive testing: In addition to 3D printers and build systems, product manufacturers should test any peripheral hardware and input materials for resilience, performance and proper chemical composition. Sound information security practices, effective virtualization and clearly documented operating instructions are also highly recommended.
Contract practices can impact technology errors and omission risk also. Much of a company’s exposure can be mitigated by protective language in its end-user license agreements (EULA). To help manage exposure, companies should evaluate the following customer contract provisions:
- Limitation of Liability: This provision disclaims liability for certain types of damages including incidental, consequential and special damages.
- Damage Caps: These provisions limit the amount of recoverable damages, defining them in terms of a specific dollar amount or an amount to be determined based on specific factors outlined in the contract.
- Disclaimer/Limitation of Warranties: This provision identifies the warranties provided, disclaims or limits warranties not provided, and identifies the remedies available in the event of a product not complying with the warranties provided.
- Integration: This provision identifies the documents that comprise a party’s contract and limits reliance on documents and information outside of the contract.
- Contractual Risk Transfer and Defense/Indemnity Provisions: Provisions like these can shift risk to other parties.
Lastly, many companies connected with 3D printing underestimate cyber risk. Companies should consider the following steps to help minimize exposure to threats of this nature:
- Secure 3D printers: Companies who connect 3D printers to their LAN must respect the printer as a node that needs to be secured with adequate security software. Alternatively, the printer must be actively separated from the network altogether.
- Encrypt critical data elements: For the first time in popular manufacturing, a company’s proprietary competitive advantage can be stored as a single computer file that can be stolen, making it crucial for companies to encrypt their CAD files with the strongest algorithms available to prevent cybertheft.
- Secure the cloud: Cloud storage has gained widespread adoption as a cost-saving mechanism. However, CIOs should not trust a cloud provider’s security claims blindly. Written security procedures and, if possible, the provider’s premises should be reviewed to ensure they are being followed.
- Verify intellectual property rights: Product designers often create their own CAD design files and contract manufacturing firms to produce products for them. Contract manufacturers using 3D printers should verify that the designs provided do not violate any existing patent, copyright or intellectual property laws, as well as secure a hold harmless agreement to protect/indemnify them in the event of an intellectual property claim against the original designer.
Manufacturing Business Technology: Which types of insurance cover should manufacturers consider with respect to mitigating 3D printing risks?
Mike Thoma: Manufacturers should consider the following insurance products to help cover their exposures to 3D printing:
- Products Liability Coverage: Covers physical damage to, or loss of use of, a third party’s tangible property arising out of a product manufactured, sold, handled, distributed or disposed of by an insured party. It also provides coverage for physical harm to a person in similar circumstances.
- Errors and Omissions (E&O) Liability Coverage: Protects against damages and economic loss arising from an error, omission or negligent act tied to a manufacturer’s product or action.
- Information Security Coverage: Provides coverage for critical cyber risks across network, information security and communications liability. Firms can also opt for first-party expense reimbursement coverage across data restoration, business interruption, computer & funds transfer fraud, crisis management and security breach notification expenses.
Mike Thoma is VP Chief Underwriting Officer – Global Technology at Travelers.