Conan Ward, president and general manager of RubiQon Risk,  a newly formed subsidiary of QOMPLX, details the evolution of the cyber-risk insurance industry, and describes how it can protect manufacturers against loss from cyberattacks.

Cyber-risk insurance isn’t exactly new, many of its elements having been previously incorporated within traditional property and casualty policies. More recently, though, insurers have sought to break out the cyber element and create products dedicated specifically to that kind of risk to manufacturers. In the process, they acquire deeper experience in the underwriting of such policies, avoiding costly litigation based on misunderstandings about what kind of events are covered.

Today, dedicated policies cover virtually every kind of cyber-related event, and pay for all of the costs that it can incur, including downtime from affected machines, theft of intellectual property, the loss of future business and even payouts by the victims of ransomware. Still, Ward advises that manufacturers work closely with their insurance brokers to specify the kinds of scenarios for which they require coverage. When it comes to damage to machines, Ward says, “not all policies, even in a dedicated cyber sense, would respond in the same way.”

Cyber-risk coverage even pays out in the event of employee responsibility. Ward cites research which finds that around 30% of breaches are in some way the fault of the affected company’s own staff, whether through intentional acts or negligence. “There’s a recognition that it’s a very likely avenue,” he says.

Cyber-risk policies can be expensive, but the cost of suffering a breach without that protection is often worse. Ward says companies need to take into account not just immediate damage to operations, but also the potential loss of business income, which the affected business might experience for years to come.