According to a research study by Sophos, a UK-based IT security services and hardware provider, cyber insurance policies are changing the way manufacturing is protecting their networks. As ransomware threats keep coming, companies are buying cyber insurance policies to protect against costly ransomware attacks that can drive them out of business. Seventy percent of hacked food and beverage companies will go out of business within a year of the attack, according to Capstone Logistics.

Cyber insurance helps a company get back to its previous state. These policies protect the confidentiality, integrity and availability of computer systems, networks, and data against cyberattacks and ransomware.

Phishing attacks are still the most significant cybersecurity threat to companies. The 2022 Proofpoint State of the Phish report shows that 83% of organizations suffered a successful email-based phishing attack in 2021, and 78% of companies faced a ransomware attack from a phishing email.

The process to qualify for cyber insurance demands that companies improve technologies and services, such as advanced network monitoring, while also increasing cyber training to employees.

As attacks become costlier, insurance companies have implemented stringent requirements for cyber policies. These follow the Zero Trust security framework, which also corresponds to the National Institute of Standards and Technology (NIST) standards. A Zero Trust security framework says a company should assume a breach has already happened, whether due to sophisticated hacker groups, remote work or more digital assets being online.

So the NIST standards and the Zero Trust framework, which insurance companies use for their security audits, echo the ideas of verifying explicitly, using least-privilege access and assuming breach. Food producers still employ network perimeter best practices, but insurance policies also promote managed detection and response (MDR) technology for networks.

These standards and frameworks are starting points for insurance company audits.


The Five Core Pillars of the NIST Standard:

  • Asset Visibility
  • Network Hardening
  • Threat Detection
  • Real-Time Response
  • Incident Recovery

Cyber Insurance Drives Improvements

“The 2022 State of Ransomware” survey from Sophos included 5,600 IT professionals and 419 from manufacturing operations across 31 countries. Industries include food and beverage, manufacturing, energy, supply chain, construction, education and retail.

The Sophos study shows “only 75% of manufacturing and production respondents reported having coverage against ransomware attacks, compared with a cross-industry average of 83%.”

However, the ransomware survey reveals that “97% of manufacturing and production companies that do carry cyber insurance have made changes to their cyber defense to improve their cyber insurance position.” Why is this? Insurance companies require extensive updates to cybersecurity processes and certification.

Besides paying a ransom, data recovery is another service offered by insurance companies, and it can be a challenge to locate all operations and corporate data after a hack.

The impressive results can be seen below:

  • 70% of manufacturers have implemented new technologies/services—highest across all industries
  • 63% have increased cyber awareness training/education activities—highest across all industries
  • 59% have changed processes/behaviors

Cyber awareness training is trending across all industries as more companies implement remote work policies and have to protect workers outside of the “traditional four walls.” Updated processes include multifactor authentication for passwords and limiting access to HMIs and equipment, which can be challenging with small operations teams.
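The Zero Trust ideas the article names (verify explicitly, least-privilege access, assume breach) and the process changes it mentions (multifactor authentication, limiting access to HMIs and equipment) can be expressed as a single access-decision routine. The following is an added example, not code from the article, Sophos, or NIST; the roles, asset names, zones and sample requests are constructed for illustration, and the session limit is an assumed value.

```python
"""Added example: a minimal Zero Trust access decision for OT/HMI assets.

Not from the article or any vendor. Role names, asset names, zones and the
8-hour session limit are all constructed assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import timedelta

# Least privilege: each role may perform only the listed actions on the listed
# assets. Hypothetical roles and asset names.
ROLE_ACCESS: dict[str, dict[str, set[str]]] = {
    "line_operator": {"hmi-line-1": {"view", "operate"}},
    "maintenance": {"hmi-line-1": {"view"}, "plc-line-1": {"view", "program"}},
    "it_admin": {"jump-host": {"admin"}},  # no direct path to HMIs or PLCs
}

# Assume breach: even a valid session is re-verified after this long (assumed value).
MAX_SESSION = timedelta(hours=8)


@dataclass
class AccessRequest:
    user: str
    role: str
    asset: str
    action: str
    mfa_verified: bool    # multifactor authentication completed for this session
    device_managed: bool  # device is enrolled and posture-checked
    session_age: timedelta
    source_zone: str      # constructed zones: "ot", "it", "internet"


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Each denial has a distinct reason so the
    decision can be logged and audited."""
    # Verify explicitly: identity must be MFA-backed and the device managed,
    # regardless of where the request comes from.
    if not req.mfa_verified:
        return False, "mfa_required"
    if not req.device_managed:
        return False, "unmanaged_device"
    # Assume breach: long-lived sessions are forced to re-verify.
    if req.session_age > MAX_SESSION:
        return False, "session_expired"
    # Network location alone never grants access, but OT assets are never
    # reachable directly from the internet zone.
    if req.source_zone == "internet" and req.asset != "jump-host":
        return False, "ot_asset_not_internet_reachable"
    # Least privilege: the role must grant this specific action on this asset.
    allowed_actions = ROLE_ACCESS.get(req.role, {}).get(req.asset, set())
    if req.action not in allowed_actions:
        return False, "not_in_role"
    return True, "ok"


def audit_line(req: AccessRequest, allowed: bool, reason: str) -> str:
    """Format a detection-friendly log line; denials are what an MDR team watches."""
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} user={req.user} role={req.role} asset={req.asset} "
            f"action={req.action} zone={req.source_zone} reason={reason}")


def evaluate(req: AccessRequest) -> tuple[bool, str, str]:
    """Convenience wrapper returning (allowed, reason, log_line)."""
    allowed, reason = decide(req)
    return allowed, reason, audit_line(req, allowed, reason)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest("ana", "line_operator", "hmi-line-1", "operate", True, True,
                      timedelta(hours=1), "ot"),
        AccessRequest("ana", "line_operator", "hmi-line-1", "operate", False, True,
                      timedelta(hours=1), "ot"),
        AccessRequest("bob", "it_admin", "hmi-line-1", "view", True, True,
                      timedelta(hours=1), "it"),
        AccessRequest("cid", "maintenance", "plc-line-1", "program", True, True,
                      timedelta(hours=9), "ot"),
    ]
    for s in samples:
        print(evaluate(s)[2])
```

The ordering of the checks matters: identity and device verification come before any role lookup, so a compromised account on an unmanaged device is denied before its role is even consulted, and every denial reason is distinct so the log lines feed straight into detection rules.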


“OT has been an afterthought for a long time, but that is changing, and companies are now looking to invest in the security of their OT networks and continuity of operations,” says Mackenzie Morris, senior industrial consultant at Dragos Inc. “Historically, organizations have placed much of their investment on perimeter defenses and overlooked cybersecurity controls inside the OT network.”

But IT/OT culture wars are well documented with large food operations.

Luigi de Bernardini, CEO of Autoware, wrote in a recent blog post that “the IT/OT relationship is still difficult and conflicting in many companies. Goals are different, language is different, methodologies are different, project approach is different, cost perception is different, and budgets are different.” The issue can be a lack of mutual understanding and a failure to consider new technology opportunities from IT’s perspective.

Manufacturing outperforms other industries in resuming operations, but 10% of companies take one to six months to recover.

Below are more of the cybersecurity findings from the Sophos report:

  • Regarding the time taken to recover from ransomware attacks, the manufacturing and production sector reported a quick recovery, with two-thirds of victims (67%) getting back up and running within a week. This is considerably higher than the global cross-sector average (53%), indicating that manufacturing and production is well-placed to recover from attacks.
  • Thirty-eight respondents from manufacturing and production shared the exact ransom payments made, revealing that the average ransom came in at a huge $2,036,189—the highest of all sectors. This is a tremendous increase from the $147,917 reported in 2020 by 15 manufacturing and production respondents. Note: The 2020 average ransom figure is based on a low response base and should be considered indicative rather than statistically significant.
  • Across all sectors, the average amount of data recovered after paying ransom has dropped over the last year, reaching 61% in 2021—down from 65% in 2020. Defying this global trend, manufacturing and production respondents saw the amount of data recovered increase slightly over the year: from 55% in 2020 to 59% in 2021.