Manufacturers are increasingly being targeted by not only traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations for these attacks range from money and revenge to competitive advantage and strategic disruption.
Malicious Cyber Events within the manufacturing industry are often with the intent of disruption to operations to cause direct financial loss, or to steal intellectual property and trade secrets.
E-Cyber is designed to protect manufacturers against these malicious cyber attacks providing customised coverage for crisis management in identifying and resolving the cause of any cyber or extortion event, as well as offering the financial protection for any fallout, such as the increased cost of working or direct loss of net income due to the covered event, or covering any ransom that might be payable.
Data manipulation, ransom, and breaches are a concern for Manufacturers.
Whether the data is corrupted, exposed, or held ransom, E-Cyber is designed with an understanding of the inherent exposure manufacturers encounter. The policy covers the cost to the company of managing through a breach, or a ransom event, as well as data restoration in the event of a cyber event. The policy further extends to consider the legal and regulatory implications of data breaches and covers any fines and penalties with regard to a regulatory investigation.
A System failure at a manufacturing company can cause extensive disruption to the manufacturing process which can have a knock on effect to a supply chain, resulting in extensive financial losses.
Much like data management, maintaining network integrity presents a serious challenge, as inadvertent System Failures can be just as disruptive as malicious cyber attacks. Whether the failure is caused by negligence or mistake in managing the company’s system, a programming error, or a malfunction or failure of the company’s system, the operational outage will undoubtedly cause financial loss.
Many of these system exposures are intended to be covered within the E-Cyber policy as the triggers for business interruption and the liability sections extend beyond malicious acts and to the practicalities of managing a system failure. As a result, we handle many of these system interruptions as if they were malicious and would look to provide coverage for event management to identify and resolve the system failure, the increased cost of working or direct loss of net income due to the covered event, or any defence costs and any subsequent damages or fines which may be incurred as a result of the event.
Sept 2015 – A concrete manufacturer fell victim to a ransomware attack when one if its employees opened a phishing email. The malware penetrated through the companies network encrypting critical files and production systems. The financial impact was severe. The company paid the ransom but still suffered more than a week of downtime and had to employ external consultants to clean the network. The company also became liable for contractual penalties under a number of its contracts for failing to fulfill its delivery deadlines.
2007 – A phone manufacturer was subject to a cyber extortion event. The hacker managed to steal an encryption key used in its operating system. The attacker threatened to make the key public if the manufacturer didn’t meet payment demands, which could have resulted in criminals uploading legitimate-looking but malicious apps to phones worldwide. The ransom was met by the manufacturer and was said to be millions of euros.
A manufacturing company had systems infiltrated by an activist hacker who corrupted the POS software. The manufacturer was unable to process stock, replenish orders and verify the price of goods. A claim was made for Business Interruption and Loss of Profit.
December 2015 – A toy manufacturer was hacked, resulting in 3.3 million accounts being exposed to include full names, birthdays, genders, nationalities and email addresses.
November 2015 – An electronic toy manufacturer was the victim of a massive data breach resulting in the exposure of 4.8 million customer’s details, including the personal data of children.
2015 – A leading manufacturer of video cameras and other digital cinematography tools had valuable intellectual property stolen by a competing executive. The company was sharing its IP via email. A competing executive, who was a former employee, had obtained login details whilst working for the company. The company failed to deactivate the former executives account, allowing him to redirect the exchange of IP to his current email. The IP theft resulted in a large number of counterfeit products hitting the market.
May 2014 – Thousand of files were stolen from a solar panel producer including information on cash flow, manufacturing metrics, production line information and privileged attorney-client communications relating to ongoing trade litigation. The information was said to have been stolen to enable a Chinese competitor to target business operations aggressively from a variety of angles.
2005 – A large car manufacturer had 13 of its plants shut down due to an internet worm which originated from an infected laptop. All production ceased, affecting 50,000 assembly line workers.