Cyber Insurance – Separating Fact from Fiction in Cyber Insurance
“There are only two types of companies: those that have been hacked and those that will be…”
Robert Mueller, FBI Director (2012)
Cybersecurity remains a key concern in the digitalised era, and a popular Indian audio brand recently suffered a massive data breach. The breach has reportedly left Personally Identifiable Information (PII) such as names, addresses, phone numbers, email addresses, and customer IDs of over 7.5 million customers exposed and up for sale on the dark web. Experts suggest the leak can also threaten the impacted users’ bank accounts and other secret data.
This incident is yet another reaffirmation of the fact that no organization is immune to the threat of a cyber breach.
Insurance professionals often hear companies conclude unilaterally that they do not require cyber insurance. The most common reasons given are:
- They are a manufacturing unit, and their Operational Technology (OT) systems are isolated; hence they have no exposure to a cyber breach.
- Their systems are state of the art, modern and up to date; hence the possibility of a cyber-attack is minimal.
- No sensitive information of third parties is stored; hence cyber liability claims emanating from third parties are highly unlikely.
- Insurance claims are often rejected due to complicated terms and conditions.
The cyber incidents reported across various geographies are a persuasive myth buster for each of these reasons.
As per the World Economic Forum[1], the manufacturing industry is experiencing more cyber-attacks month by month.
“In 2022, manufacturing had the highest share of cyber-attacks among leading industries worldwide and the third quarter of 2023 marked a 15% increase over the previous.”
Another report states, “In 2023, manufacturing saw the highest share of cyberattacks among the leading industries worldwide. During the examined year, manufacturing companies encountered nearly a quarter of the total cyberattacks”[2].
With the advent of digital technologies and a focus on accuracy and increased efficiency, industries are increasingly integrating their OT systems with IT systems. In a number of attacks in recent years, the OT systems were compromised by first breaching the IT systems.
The average cost of a cyber breach is believed to have reached $4.7 mn[3]. Thus, it would not be advisable for any manufacturing unit to ignore the looming threat of a cyber breach. Investing in a robust cyber security resilience plan is the need of the hour, and a well-placed cyber security policy is an important part of developing this resilience and ensuring business continuity.
A simple web search for cyber-attacks would lead the researcher to cyber incidents at some very big IT companies, banks, government institutions and so on. All these institutions not only spend millions on cyber security but can also boast of strong processes and controls.
Thus, one can only hope that one's IT systems will ward off all cyber-attacks, but the eventuality of an attack (big or small) cannot be written off. With such odds stacked against any organization, the sooner an investment is made in a cyber policy, the more sophisticated the business continuity plan becomes.
It is also pertinent to highlight that an organization is liable not just for third-party sensitive data but also for the personal information of its own employees. Thus, while one may argue that there is no possibility of a third-party liability for compromised information, the obligation of an organization to safeguard employee data is equally important, and failure to safeguard the personal information of employees can invite adverse legal action against the employer/organization.
Another aspect of cyber insurance that buyers need to consider is that the scope of a cyber insurance policy is wide enough to cover not just third-party liabilities but also first-party expenses like forensic costs and business interruption, as well as regulatory fines and penalties. Thus, investment in good cyber insurance allows businesses to manage the potential impact and cost of cyber-attacks. The aftermath of a cyber-attack can be disastrous, often bringing an organization to a standstill. In such a scenario, a cyber insurance policy would go a long way in cushioning the impact and restoring normalcy at the earliest.
The information provided in this article is for general informational purposes only and is not to be construed as legal or professional advice. While we strive to provide accurate and up-to-date information, the field of insurance is complex and constantly evolving. Readers are advised to conduct further research and consult with qualified professionals, such as insurance brokers, before making any decisions regarding any insurance coverage.
