In the most recent edition of EEF’s executive survey, manufacturers look at the growth opportunities and challenges that lie ahead, in partnership with AIG. The survey focuses on companies' expectations for growth in their business, across the UK economy and globally. The survey also provides an early warning of some of the issues that could knock these predictions - which are largely positive for 2018 - off track.
Outside of domestic politics, as manufacturers have been investigating what the fourth industrial revolution means for their business, their heightened awareness of the risk of cyber-attacks is clearly evident this year. The survey highlights the importance of addressing emerging cyber exposures.
Awareness of cyber risk has grown substantially and, at a time when trade is dominating concerns about the future, cyber risk stands out as a largely unrelated threat that is rapidly rising up the risk agenda. In the past, manufacturers could have been forgiven for thinking they were relatively sheltered from the cyber risk, but the summer of 2017 has turned this thinking on its head.
The WannaCry ransomware attack crippled organisations from a wide range of industry sectors around the world, spreading indiscriminately and causing lengthy and costly business interruption. The attack was followed by a fresh strain of the Petya ransomware, which further exploited the same Microsoft Windows vulnerability. Some systems were down for several weeks, costing billions of dollars in lost revenue. While the worm was not specifically designed to target operations technology networks, WannaCry impacted several large manufacturers.
Concern over cyber risk is also likely to be driven by growing compliance responsibilities. The European General Data Protection Regulations (GDPR) are coming into force in May this year with strict rules regarding collection, use and storage of sensitive data. Companies experiencing a breach will need to notify stakeholders; there will be steep fines and penalties for firms that have inadequate controls and protections in place.
At a time when manufacturing and engineering companies are looking to further automate production and have greater supply chain flexibility, it is also clear that a connected world is also a more vulnerable one. The 'air gapping' defence of industrial control systems no longer exists in a world of connected devices, where something as benign as a smart thermostat can be exploited as a way in by hackers.
Cyber risk can impact manufacturing and engineering organisations in numerous ways, including the disruption to production resulting from ransomware and denial of service attacks, as well as the costs and reputational fallout associated with data breach attacks. Physical damage resulting from a cyber incident is also possible, although not all insurance policies provide affirmative cover.
It is important for organisations to consider how different cyber scenarios play out. Mapping these exposures against insurers’ suites of policies will show how insurers should respond and whether there are any exclusions or gaps that can be identified and dealt with.
In addition to risk transfer, brokers and cyber insurers offer pre-loss services, working with insureds to ensure they maintain standard systems hygiene, to avoid being the low-hanging fruit. With the knowledge that it is now impossible to prevent every attack, even with the best security and systems in place, companies should also practice their breach response, so they can take swift action when their systems are compromised.
Your St. James's Place Partner will be able to advise you on which of our panel providers you would need to be referred to, given your particluar circumstances for further advice in this area.