Cyber Insurance Becomes a Must for More Manufacturers
April 17 2017 - 07:29AM
Dow Jones News
By Richard Teitelbaum
Abbott Laboratories was pilloried last week by regulators for,
in part, botching its response to a report that certain company
defibrillators and pacemakers could be manipulated by hackers.
Shares of the health-care giant, which acquired the devices in its
purchase of St. Jude Medical Inc., fell 1.9%.
The criticism, which came in a warning letter from the U.S. Food
and Drug Administration, casts another spotlight on the fusillade
of cyber dangers facing manufacturers.
For years cyber insurance was overwhelmingly purchased by
consumer-facing business -- retailers, financial-service providers
and hospitals. Mostly this was to protect against customer data
theft. The St. Jude situation helps explain why manufacturers are
now rushing to make sure they are covered.
Manufacturers paid $36.9 million in premiums for cyber-specific
policies in 2016, according to Advisen Ltd., an insurance
consulting firm, based on its sample of over 9,000 mostly U.S.
companies. That is up 89% from the year before. Manufacturers
accounted for 12.6% premiums tracked in 2016 compared with 9% the
year before.
"There's certainly an increased exposure in the industry
overall, especially with more reliance on cloud providers, greater
sophistication of hackers globally and increased consumer
interactions through social media," said Daniel Steiner, enterprise
risk manager at Kimberly-Clark Corp., the maker of Kleenex tissues
and Huggies diapers. The company began buying cyber insurance in
2009.
Factories are increasingly computerized, automated and digitally
integrated with other parts of a company and keeping those networks
secure is critical. "It's hard to think of an area of our business
that is not touched by this, as business is only becoming more
connected," said Eric Dobkin, director of insurance and risk
management at drugmaker Merck & Co. in an email.
"Nobody should be able to look at themselves in the mirror and
say 'I'm not exposed to this'," said Robert Wice, leader for
technology, media and business services of Beazley PLC in the U.S.
"It should be top of mind."
As for St. Jude, a company spokeswoman declined to say whether
it carried cyber insurance to cover the cardiac devices. A 2016
filing said it did not carry product liability insurance. An Abbott
spokesman declined to comment on whether the company has cyber
insurance.
In the event of a cyberattack that shuts down a factory,
manufacturers may not be covered by existing policies. Many
property and casualty, or P&C, policies require physical damage
before they pay, explained Ben Beeson, cyberrisk practice leader at
brokerage Lockton Cos.
A wake-up call for manufacturers came in December 2014 when the
German Federal Office for Information Security reported that a
cyberattack caused "massive damage" at a steel plant it didn't
name.The report highlighted how cyberattacks can be more
destructive than prosaic events like floods that are covered by
typical P&C policies.
"When you look at severity, you have to consider they are
cyber-based," said Brent Pickens, director of global risk
management at Bemis Co. Inc., a maker of plastic packaging that was
an early buyer of cyber insurance.
Selecting a cyberpolicy forces manufacturers to set priorities
on what to protect, he said, particularly at larger companies that
can have policies tailored for different plants and situations.
"You get the best return out of [insuring] what is most important
for you," Mr. Pickens added.
The market for manufacturers is young, therefore premiums vary
greatly and are based on revenue, specific lines of business, and
the number of records involved. Premiums range from $10,000 to
$15,000 for every $1 million of comprehensive coverage for
manufacturers with $1 billion or more in revenue, said Michael
Blake, part of the cybersecurity practice at Alliant Insurance
Services Inc. That is about half of what retailers and banks
pay.
"It's not a difficult sell," said Mr. Blake."There is not a risk
manager out there who wants to walk into a board meeting to explain
why he didn't think to get a cyber insurance quote, especially
since it's so cheap."
Write to Richard Teitelbaum at Richard.Teitelbaum@wsj.com
(END) Dow Jones Newswires
April 17, 2017 07:14 ET (11:14 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.
Abbott Laboratories (NYSE:ABT)
Historical Stock Chart
From Feb 2024 to Mar 2024
Abbott Laboratories (NYSE:ABT)
Historical Stock Chart
From Mar 2023 to Mar 2024