Cyber-crime and the Manufacturing Industry
Integrating Cyber Security & Business Continuity Planning
Imagine. You’re a CFO of a mid-size manufacturer checking emails on a Tuesday morning. Suddenly, you come upon an email from the CEO providing account information for a large transaction she needs completed. There’s nothing out of the ordinary with this scenario. You’ve received requests like this before, and it’s also coming from your CEO’s internal email address, so what can be the problem? You proceed with the transaction.
Fast forward five hours later. You catch the CEO and let her know you finished the transaction. She has absolutely no idea what you’re talking about. Instant panic sets in. Your heart is racing like it’s in the Indy 500. You’ve just become the newest victim of a cyber-crime.
Cyber-crime has been an extremely hot topic. Oftentimes manufacturers don’t see themselves as a lucrative target for cyber criminals; however, a Kaspersky Labs report found that for the first half of 2017 manufacturers accounted for about one-third of cyber-attacks. Then in October 2017, the U.S. government issued a public warning that energy and industrial firms were being targeted by sophisticated hackers.
So how can you avoid a similar fate to the CFO mentioned above?
For one, you’ll want to ensure your manufacturing company has Cyber Liability insurance. About two-thirds of companies don’t have coverage in place and remain self-insured, according to the Ponemon Cyber Crime Study. Your policy will help cover the loss and many of the expenses associated with it (e.g. notification, credit monitoring, fines and penalties).
Two, have your insurance company or another reputable source provide a 360 review of your computer systems and network, identifying potential vulnerabilities and providing strategies to minimize risk. Create a plan to address the identified vulnerabilities, test your plan and train employees on what to do in the event of a cyber-crime. Integrate cyber response into your business continuity action plan.
Now if that CFO did have coverage and a business continuity plan in place, here’s what would have happened:
- Stopped a $125,000 loss
- Provided tiered alerts to senior management and IT on a real-time basis
- Provided a general alert to the company
- Initiated the breach response plan
- IT knew what steps to take in analyzing the issue
- IT knew how to escalate the issue both internally and externally
- CFO knew the accounting protocol
- Getting Hacked – Live Cyber-Attack Webinar – Register Now!
- 5 Cyber Liabilities Your Traditional Policy Won’t Cover
- Cyber E-Book
- 5 Questions Risk Managers Should Ask About Cyber
- Anatomy of a Cyber Incident Response Plan
ABOUT THE AUTHOR