Risk Insider: Dan Holden

The Cyber Threat in Manufacturing

By: | April 20, 2017 • 3 min read
Dan Holden is Manager of Corporate Risk & Insurance for Daimler Trucks North America (formerly “Freightliner”). He manages the risk management program in the U.S., Canada and Mexico. He can be reached at [email protected]

A friend of mine asked me the other day if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. When I asked him to expand on that most interesting comment he proceeded to compare cyber-risk to the Red Scare of the 1950s when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he proudly concluded.

I found his question incredulous given the world we live in, not to mention his peculiar analogy. But realizing he didn’t work in the commerce stream, per se, quelled my impulse to slap him around.

So I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy over $400 billion per year, according to estimates by the Center for Strategic and International Studies; and each year over 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet, The Global Risks 2015 report, published in January by the World Economic Forum (WEF), included this rather stark warning: “90 percent of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.”

In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. So while property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide.

Cyber protection is not just about deploying advanced cyber threat technology to manage risk, but you also have to educate your employees to not fall victim to unassuming scams like “Phishing” which is stealing private information via e-mail or text messages. It remains the most popular con as far as stealing company data because it’s so painfully simple. Just pretend to be someone else and hope a few people fall for it.

Advertisement




While most people understand the threat to data privacy for retailers, banks, hospitals, and miscellaneous financial institutions, few realize that manufacturers are also vulnerable in terms of property damage and downtime. In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. So while property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide.

According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber-attacks can now come from both inside and outside of the industrial control system network.

Manufacturers also need to be concerned about cyber-attacks that would, a) interrupt their physical supply chain, and/or, b) allow access to their system via the 3rd-party vendor, and then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their 3rd-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize.

To circle back to my friend’s weird fall-out shelter theory, it’s certainly a good idea to have a back-up plan in case one is hit by a proverbial “cyber-bomb.” But rather than hunker down and wait for the attack to occur, it’s critical to be proactive through employee education, vetting vendors’ cyber-security, and adopt, and continuously optimize, a formal cybersecurity program.

More from Risk & Insurance

More from Risk & Insurance

2017 Risk All Stars

Immeasurable Value

The 2017 Risk All Stars strengthened their organizations by taking ownership of improved risk management processes and not quitting until they were in place.
By: | September 12, 2017 • 3 min read

Being the only person to hold a particular opinion or point of view within an organization cannot be easy. Do the following sound like familiar stories? Can you picture yourself or one of your risk management colleagues as the hero or heroine? Or better yet, as a Risk & Insurance® Risk All Star?

Advertisement




One risk manager took a job with a company that was being spun off, and the risk management program, which was built for a much larger company, was not a good fit for the spun-off company.
Rather than sink into inertia, this risk manager took the bull by the horns and began an aggressive company intranet campaign to instill better safety and other risk management practices throughout the organization.

The risk manager, 2017 Risk All Star Michelle Bennett of Cable One, also changed some long-standing brokerage relationships that weren’t a good fit for the risk management and insurance program. In her first year on the job she produced premium savings and in her second year is in the process of introducing ERM company-wide.

Or perhaps this one rings a bell. The news is trickling out that a company is poised to dramatically expand, increasing the workforce three- or four-fold. Having this knowledge with certainty would be a great benefit to a risk manager, who could begin girding safety, workers’ comp and related programs accordingly. But things sometimes don’t work that way, do they? Sometimes the risk manager is one of the last people to know.

The Risk All Star Award recognizes at its core, creativity, perseverance and passion. The 13 winners of this year’s award all displayed those traits in abundance.

In the case of 2017 Risk All Star winner Steve Richards of the Coca-Cola Bottling Company, the news of an expansion spurred him to action. He completely overhauled the company’s workers’ compensation program and streamlined its claim management system. The results, even with a much higher headcount, were reduced legal costs, better return-to-work experiences for injured workers and a host of other improvements and savings.

The Risk All Star Award recognizes at its core, creativity, perseverance and passion. The 13 winners of this year’s award all displayed those traits in abundance. Sometimes it took years for a particular risk solution, as promoted by a risk manager, to find acceptance.

In other cases a risk manager got so excited about a solution, they never even considered getting turned down. They just kept pushing until they carried the day.

Advertisement




Butler University’s Zach Finn became obsessive about what he felt was a lackluster effort on the part of the insurance industry to bring in new talent. The former risk manager for the J.M. Smucker Co. settled on the creation of a student-run captive to give his risk management students the experience they would need to get hired right out of college.

The result was a better risk management program for the university’s College of Liberal Arts and Sciences, and immediate traction in the job market for Finn’s students.

A few of our Risk All Stars told us that the results they are achieving were decades in the making. Only by year-in, year-out dedication to gaining transparency about her co-op’s risks and learning more and more about her various insurance carriers, did Growmark Inc.’s Faith Cring create a stalwart risk management and insurance program that is the envy of the agricultural sector. Now she’s been with some of her insurance carriers more than 20 years — some more than 30 years.

Having the right idea and not having a home for it can be a lonely, frustrating experience. Having the creativity, the passion and perhaps, most importantly, the perseverance to see it through and get great results makes you a Risk All Star. &

_____________________________________________

Risk All Stars stand out from their peers by overcoming challenges through exceptional problem solving, creativity, perseverance and passion.

See the complete list of 2017 Risk All Stars.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected]