In a few short years, many multinational companies have shifted their priorities from preventing cyberattacks altogether to mitigating their damage. For good reason: cybersecurity experts often advise their clients to assume hackers have already breached their corporate defenses, advice that is backed up by a string of corporate breaches. The questions for executives are, therefore: how do I seal off my company’s most prized data, and against how much loss do I insure?
The manufacturing industry is increasingly in the crosshairs of hackers. Manufacturers are a “tempting target as many systems within the sector are perceived to be weak by design as a result of a failure to be held to compliance standards,” IBM said in a recent report.
There are some basic precepts manufacturing firms can follow to better protect their crown jewels from sophisticated hackers. One is to install multiple layers of defense, an approach dubbed “defense-in-depth.” Just as you might guard your house with an outer wall, a watchdog, and an alarm system, it is wise to put multiple tripwires around your data. The likelihood of an attacker circumventing one defense layer may be significant, but the odds of him eluding all layers are far lower.
A defense-in-depth strategy might start with intrusion-detection devices to monitor the perimeter of a corporate network. The strategy should extend well beyond that, however, to include educating employees on cybersecurity best practices. Attackers will search for the easiest way into a network, which has often meant targeting employees with phishing emails – innocuous-looking emails laced with malware. Some of the most devastating hacks in recent years have begun with a simple phishing email that allowed hackers to burrow unnoticed in organizations for long periods of time.
Another prong of a defense-in-depth strategy is to encrypt your organization’s data whenever possible. As obvious as this practice might seem, both corporate and government organizations have been slow to adopt it. Encrypting company data offers a further deterrent to hackers and significantly raises the skill level required to carry out a successful data heist. Hackers may decide that strong encryption isn’t worth the resources needed to break it, and move on to lower-hanging fruit.
Defense-in-depth is not a panacea for cyberthreats but rather a baseline necessity upon which to build more defenses. It is a strategy that has been around for years, but one that needs to be paired with a company’s commitment to understanding the latest cyberthreats posed by the world’s most sophisticated bad actors.
Given that all of the defensive measures in the world cannot make an organization hack-proof, corporate executives are showing more interest in cyber insurance. The global cyber insurance market will reach $14 billion by 2022, with a compound annual growth rate of nearly 28 percent from 2016 to 2022, according to Allied Market Research.
Manufacturers, in particular, are showing greater interest in cyber insurance, and a market is taking shape to account for their needs, according to underwriters. These tailored services include coverage for data breaches, business interruption due to cyberattacks, and ransomware, a type of malware that experts say is a growing threat to manufacturers.
Manufacturers paid $36.9 million in cyber-specific premiums in 2016, an 89 percent jump from the year before, according to a recent Wall Street Journal report. The adoption rate of cyber insurance among manufacturers will only grow as executives become more aware of the risks, according to underwriters. A market once dominated by financial service providers and retailers has expanded definitively to include manufacturers.
While the myriad cyberthreats facing the industry are cause for alarm, instituting a robust defense against them and buying insurance in case that defense fails will help manufacturing executives sleep better at night.