Manufacturing: How much coverage is enough?
Some companies are “fortunate” enough that compliance or client requirements dictate how much cyberinsurance the need. For many, that answer is not as clear cut. You may know certain numbers such as your payroll costs for a day of no productivity, but what about the impact on your customers? Regulatory and compliance impacts? There is never a clear cut answer, but you can at least get to a ballpark number using our guide.
Key numbers for calculations include:
Average downtime for a company after a ransomware attack is 21 days (source)
Average ransomware payment is $211k (source)
Assuming a worst case, if your production was down for 21 days, how much lost revenue would that cost you? Add $211k to that for the ransom payment you made, and any additional costs of recovery you can identify, such as:
Restoration of backups
A third party security firm to secure your network
Per Sophos, all these costs combined averaged $1.85 million last year.
As a manufacturer, you have additional specific considerations. Examine your exposure to these risks as well when evaluating coverage needs:
How much production will be knocked offline in the event of a total IT outage? What is the time and cost to restart the production systems?
Are your customers heavily impacted by a data breach, by designs, trade secrets, or intellectual property being compromised? You may also be subject to compliance such as NIST 171/53, DFARS, CMMC, etc.
Many companies are a hybrid of manufacturing and tech, such as selling smart devices that connect to a cloud. These devices could be impacted by an attack, resulting in substantial third party claims.
Using the above, you should be able to get to a ballpark bracket ($1mm, $2mm, $3mm or more) on how much coverage is enough. One common mistake is that people don’t assume worst case when calculating their limits - but worst case is what insurance is for!
Also note that today, manufacturing is considered a high risk industry, so higher limits can be difficult to find, as many carriers try to limit their exposure to the industry. It may require talking to several carriers before you find a policy that is the size you need.
Ready to bring in the risk experts? Paradigm combines expertise in insurance, cybersecurity, and IT to give your business the best in cyber protection.