Risk Scenario

Ransomware Attack Leaves Paint Manufacturer Seeing Red. Here Are the Business Interruption Lessons to Be Learned

A paint manufacturing firm bleeds red when it fails to plan for cyber-related business interruption.
By: | December 5, 2022
Risk Scenarios are created by Risk & Insurance editors along with leading industry partners. The hypothetical, yet realistic stories, showcase emerging risks that can result in significant losses if not properly addressed.

Disclaimer: The events depicted in this scenario are fictitious. Any similarity to any corporation or person, living or dead, is merely coincidental.

PART ONE: A CYBER STRIKE

PrismTech is a paint manufacturing and blending business with a national footprint. They serve multiple industries, including producing paints for motorcycle manufacturers and retail home improvement stores. But a growing and increasingly important part of their business is doing contract blending for other labels.

As an example, their most important product line involves contract blending of home interior paints for the lifestyle brand of a famous model turned lifestyle influencer, Anabella Cucinota, under the label, At Home With Anabella.

The latex paint skips the heartland and is distributed in West Palm Beach, the Hamptons, Montecito and other exclusive zip codes for a whopping $80 a gallon at retail. Everybody loves Anabella, but she holds a special place in PrismTech’s collective hearts.

PrismTech isn’t the biggest paint manufacturer in the world; annual sales run about $500 million from five manufacturing locations across the country. But its owners enjoy a solid reputation and a loyal customer base, grown over the last 50 years.

It’s a seemingly run-of-the-mill Wednesday in his office in Akron, Ohio, when Eric Owens, the company’s Chief Financial Officer, gets a call that no one wants to get. On the phone is Shana Merit, the company’s head of operations.

“No love for Anabella in Shreveport today,” Merit says.

“How come?” Owens asks, preparing for the next salvo from the typically challenging Shana.

“Because we just got hit with a ransomware attack,” Merit tells him. She shares that the attack shut down Shreveport’s blending line, the one that makes Anabella’s pricey interior paint blend.

“When did you know about this?” Owens asks.

“What do you mean, ‘When did I know about this?’ ” Merit counters. “I just found out five minutes ago, do you mean to imply that I’m not doing my job?”

“Not doing that. Just want to make sure I have all the facts before I let our broker know,” Owens says.

“Well you can tell our broker that the attackers want $10 million in Bitcoin sent to an account in Honduras if we want our manufacturing line in Shreveport back up any time soon,” Merit continues.

“That is, if we decide to pay it,” Owens says.

“What are you talking about, of course we have to pay it,” says Merit, gearing up for a fight.

“Just hold on Shana, I’ll get back to you,” Owens says, trying to get off the phone as fast as he can.

As soon as he’s off the phone with Merit, Owens’ mind starts spinning. One of the more peaceful places it finds is the memory that the company has a $20 million cyber insurance policy.

“Hopefully, that will hold us,” he thinks.

“How many locations got hit?” Owens’ broker asks when Owens calls him.

“Just the one, Shreveport,” Owens answers.

“Isn’t that your…?” the broker starts to say, referring to how important that factory is.

“Yep, that’s the one,” Owens says.

The broker says he’ll inform the carrier and get Owens on a call with them ASAP so they can discuss whether or not to pay the ransom.

PART TWO: TESTING LIMITS

It’s 24 hours since Owens got the ransomware call from Shana Merit. The ransom’s been paid to the attackers, but PrismTech’s problems are far from over.

To begin with, the blending line at Shreveport is still not up. It’s not that the line is entirely destroyed. The cyber attackers have released it from their grip, but a key component was damaged when the attack froze the line.

Adding further pain from a revenue and profitability standpoint is that the Shreveport line, which makes Anabella’s special blend, was by far the most profitable operation in the system. Of the company’s $500 million in annual revenues, $200 million was generated at that factory.

The company’s four other locations kept themselves busy in the far less profitable business of supplying paint for motorcycle manufacturers and home renovations retailers, both of whom are pretty tight-fisted with their suppliers.

Three days go by and Shana Merit is fit to be tied. In a meeting with her, Owens and other company officials, and with Shreveport waiting on a part, (held up, naturally, by unforeseen supply chain problems), the idea is floated to attempt to retool the Murfreesboro, Tenn. plant to produce Anabella’s line.

“We could do it but you’re looking at 10 business days minimum,” Merit says.

“That’s $8 million and counting,” Owens says to himself as he considers the business interruption ramifications of what is unfolding.

With the clock ticking and At Home With Anabella’s private equity investors starting to get really impatient, PrismTech executives have no choice but to attempt to convert the Murfreesboro operation to produce Anabella’s blend.

When informed of the pivot that PrismTech is attempting, Owens’ broker shakes his head and mutters to himself, “Bye-bye cyber tower.”

PART THREE: LOSSES IN THE MILLIONS

It’s now 15 days past the day when the blending line at PrismTech’s Shreveport facility ground to a halt. The Murfreesboro retool is still not up and running. Business interruption losses for PrismTech now stand at $10 million. The company’s cyber insurance tower is not just toast, it’s pure carbon.

Now the company is going to start bleeding a color of red that is not in the palette offered by At Home With Anabella. Eric Owens’ stomach is starting to feel like he’s swallowed crushed glass.

In the space of 15 days, the company’s finances have gone from steady as you go and growing, to losses that could eclipse 5-10% of the company’s annual revenue in a matter of weeks.

Making matters worse, the vice president of sales tells Owens he’s been invited to a meeting with some private equity guys in Manhattan who are anything but pleased.

Sponsor

“Well I can’t say much for your supply chain risk management,” says the vice president of the private equity group, who was educated at Wharton and just happens to know what he is talking about.

“This was a big blunder,” says another executive with the same firm. “And this idea that at this late stage, you’re going to try and retool another plant and make up any kind of headway I find a bit laughable, to be honest,” he says.

“Give me three reasons why we should continue to do business with you,” that executive says.

Owens attempts to verbalize some, but his effort falls flat.

Ouch.

“How did things go this wrong this quickly?” Owens says to himself when he gets back to his office in Akron.

His to-do list now is so long and painful that he almost can’t face it.

It includes:

Calling the bank and asking for different terms for the company’s entire debt architecture.

Working with human resources on the double to revamp the company’s cyber hygiene policies to stop this sort of thing from happening again.

Finding a replacement for the Carnegie Mellon-educated Shana Merit, who just handed in her resignation.

Scheduling a meeting, through his insurance broker, with cyber insurance carriers who are going to ask for much higher premiums than his incumbent carrier, which shook its head “no” when approached about a cyber tower renewal. &

Bar-Lessons-Learned---Partner's-Content-V1b
Risk & Insurance® partnered with Nationwide® Insurance to produce this scenario. Below are Nationwide’s recommendations on how to prevent the losses presented in the scenario. This perspective is not an editorial opinion of Risk & Insurance.®

A ransomware attack can teach some expensive lessons to organizations that are not properly prepared or insured. If PrismTech had a stronger supply chain risk management program and a business continuity plan, the Shreveport facility likely would have been back online sooner and not caused the company to bleed revenue—and credibility.

Nationwide’s risk management experts advise taking the following proactive measures, so you don’t find your organization in the same precarious situation.

  • Work with your broker to implement a thorough Incident Response plan and run through a range of scenarios to ensure everyone is on the same page in terms of expectations and actions.
  • Revisit this plan at regular intervals throughout the year, adding new scenarios as risks evolve.
  • Use pre-breach tools to tighten controls around vulnerabilities in your system.
  • Test critical assets to determine expected downtown and impact related to different types of cyber attacks.
  • Have a business continuity plan in place so you are prepared to shift capacity from any one factory to another in the event of a disruption to your systems. Proper planning is especially important for a facility like Shreveport that is critical to a business’s ability to deliver on its promises to its customers.

No business is immune to the risk of cyber attacks. By partnering with industry experts like Nationwide, you can ensure your business has a comprehensive risk management plan in place so it is protected no matter what happens.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at [email protected].

More from Risk & Insurance