Cyber spotlights on the manufacturing industry: Identify, assess, protect

This spotlight delivers an overview of the latest cyber risks impacting the sector generally, including recent incidents and emerging threat vectors. We also highlight our insurance solutions that can address the cyber vulnerabilities faced by the manufacturing industry. Use our insights to enhance your organisation’s cyber risk management approach.

What cyber incidents have we seen from the manufacturing industry?

Cyber insurance claims we have seen from the manufacturing industry

Below is a selection of recent anonymised claims managed by WTW.

Ransomware

The insured was the victim of a ransomware attack which disabled systems and potentially exposed data associated with current and former employees. The insured engaged a wide array of vendors to assist in their response and offered credit monitoring services to affected individuals. The insured paid a ransom, and insurers paid out the full limit available under the cyber programme which covered the ransom, vendor costs and business interruption calculation. Total event cost: $5m

Social engineering

An unknown third-party inserted themselves in an email conversation amongst the insured’s employees and was able to redirect a significant movement of funds to a fraudulent account. The insured were fortunate enough to eventually make a full recovery of the misdirected amount, from banking partners. Total event cost: $3.7m

Social engineering

An employee of the insured clicked on a link in a phishing email and his e-mail account was compromised as a result. The compromised account was used to divert payments due to genuine suppliers. The insured discovered the matter relatively quickly which resulted in a substantial partial recovery via their bank. The remainder of the loss was below the retention. Total event cost: $3.5m

Ransomware

The insured suffered a ransomware attack which forced the insured to shut down connectivity to isolate and stop the spread of the event. Although no ransom had been received, the insured engaged a wide array of related vendors, including payment forensics to calculate the insured’s loss of business activity. Total event cost: $1.5m+

Accidental data breach (wrongful collection)

Class action alleging privacy violations specifically that the insured used third party cookies and corresponding data to be stored on consumers’ devices and transmitted to third parties when consumers visited the insured’s websites. Defence costs being incurred and matter developing. Total event cost: $0.5m+

Ransomware

The insured was contacted by the authorities to inform them that they had located compromised login credentials of the insured in the hands of threat actors. The insured investigated the account and then found evidence of encryption which had been enabled and was affecting business continuity. The insured subsequently advised that there was also a data liability exposure and data had been exfiltrated. Insurers appointed forensic investigators, an incident coach and ransom negotiator / specialists and matter developing. Total event cost: $0.2m+

Source: WTW proprietary claims data

Cyber threat trends in the manufacturing industry

Ransomware continues to pose a threat to the sector: The latest annual study from Sophos reveals some key statistics for manufacturer sector:

• 65% of manufacturing companies reported they’ve been hit by ransomware this year
• 75% of those ransomware events resulted in data encryption
• It costs on average USD1.67m to recover from ransomware
• The average ransom demand is USD2.4m
• Six in 10 companies pay the ransom

Reliance on key software vendors: The recent CrowdStrike incident, which affected 8.5 million Windows devices, highlighted the reliance business is placing on a modest number of software vendors. While companies that require 100% availability of its IT to fulfil its business operations are more susceptible to IT outages, the global supply chain showed some resiliency in the aftermath of the CrowdStrike incident. A notable feature of the event is that it was not caused by malicious activity but rather defective coding.
Reliance on third parties, including software providers and other IT contractors give rise to the following risks, which can materially impact a company’s operations:

1. Cyber-attacks against supply chain computer networks
2. Third-party security shortcomings that exploit a company’s network when connected to a third party’s network
3. Vulnerabilities within legacy systems
4. Lack of visibility on what third parties can access within company network

Cyber security legislation for manufacturers of technology products: The forthcoming (applicable to all countries within the European Union) will introduce stringent requirements on developers, retailers and manufacturers of technology products and software. The Act is set to enter into force in the second half of 2024 and manufacturers (regardless of where they are located) will have to place compliant products in the EU by 2027. Failure to do so could lead to fines of up to EUR 15m or 2.5% of annual global turnover, whichever is higher.

Areas from our April 2024 insight release to keep in mind: Employee Awareness should now be organisations number one priority key.

• Intellectual Property (IP) is a magpie for cyber criminals
• Increased likelihood of Cyber-attacks causing physical damage
• Increased Digitisation in the manufacturing sector raises Cyber risk

Our perspective on cyber market trends for the manufacturing industry

Increased appetite from insurers: There has been an increase in appetite over the last 24 months amongst cyber insurers for the manufacturing sector. A number of those insurers are specifically targeting this sector for new business. We expect this trend to continue into early 2025.

How WTW can help with identifying, assessing, and protecting your business