Cyber security insurance

Legalities: Don’t think the threat of industrial security breach isn’t real. Now there’s insurance to help mitigate financial risks related to cyber security and other threats to control system integrators and their clients.

06/29/2012


Industrial HMI by Control Engineering, CFE MediaControl system integrators (CSIs) are playing an increasingly important role in helping our world go round. In fact, it would be difficult to find a person not touched in some way by the work CSIs do. But the insurance industry has been slow to understand and accommodate this industry, meaning most CSIs are buying policies that are unsuitable for them; many policies fail to address and even exclude coverage for some of the basic exposures CSIs face, including cyber security threats.

As parts of the world develop and we all become increasingly reliant on control systems of all kinds in our everyday lives, it will be more important than ever that these gaps are addressed. So let’s go back to the basics by exploring what types of coverage CSIs should really be on the lookout for.

Breach of contract

The single biggest risk facing CSIs is breach of contract. Control systems such as industrial control, manufacturing execution, and plant automation systems, even in their simplest forms, are critical to business success. Delivery delays and not delivering in accordance to what clients expect are two major exposures here. If a client experiences a loss of income due to a delay, error, or even a simple misunderstanding, one can expect the client to claim these costs back from the systems integrator.

The problem is that insurance policies very often have an exclusion for contractual liability. Most professional liability (PL) policies, also known as errors and omissions insurance, were written for traditional professionals like doctors and lawyers, where there is a clear duty of care between the insured and their client, and therefore the contract is merely implied. For CSIs, contracts are central to the way work is undertaken. Take care when looking at this part of a policy to ensure that contractual liability is covered.

Bodily injury, property damage

CSIs use industrial automation equipment and software in the implementation of projects across many industries. A risk lies when these components end up in operational situations that can give rise to bodily injury or property damage. Examples include everything from malfunctioning theme park rides to faulty drilling systems in use on oil rigs as demonstrated by the Deepwater Horizon oil spill in 2010.

Frequently, professional liability policies only include financial loss, so it is vitally important for CSIs that their PL policy is extended to include contingent bodily injury and property damage. Ideally, the professional and general liability coverage would be combined in the same policy in order to avoid the potential for gaps in coverage or arguments arising between insurers. It is also essential that policies do not contain any definitions of technological activities that could restrict coverage.

Cyber threats

An emerging but already very real risk for CSIs is the threat of a cyber attack. Highly sophisticated hackers are increasingly targeting control systems in order to cause major disruption, whether motivated financially or ideologically. A good example of the latter is the Stuxnet virus, which was used in 2010 to disable an Iranian nuclear power plant. The ability to cause havoc from afar is incredibly attractive to terrorist organizations, national defense departments, hackers with a point to prove, and many others.

Indeed, Norton predictions indicate that 2012 will be the worst year so far for hack attacks fuelled in part by so called “hacktivist” protest attacks and cyber terrorism.

With clients increasingly seeing their control systems being the target of cyber attacks, it is inevitable that they will seek to recover any losses through a claim against the integrator. As a result, it is more important than ever to ensure that any terrorism exclusion in a professional or general liability policy is amended to ensure that coverage is still provided for cyber attacks.

Although the insurance market has been slow to catch up with the evolving needs of CSIs, this is changing. Specialist insurance policies that have been tailored specifically to address the risks outlined above are available through groups like the Control Systems Integrators Association.

Also see July cover story on cyber security.

- Graeme Newman is director of CFC Underwriting and discussed insurance with Control Engineering at the CSIA 2012 Executive Conference. Edited by Mark T. Hoske, content manager CFE Media, Control Engineering, Plant Engineering, and Consulting-Specifying Engineer, mhoske(at)cfemedia.com.

www.cfcunderwriting.com 

www.csia.org 

ONLINE extra

Search “Legalities” atop www.controleng.com for other engineering legal discussions.



No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Leaders Under 40 program features outstanding young people who are making a difference in manufacturing. View the 2013 Leaders here.
The new control room: It's got all the bells and whistles - and alarms, too; Remote maintenance; Specifying VFDs
2014 forecast issue: To serve and to manufacture - Veterans will bring skill and discipline to the plant floor if we can find a way to get them there.
2013 Top Plant: Lincoln Electric Company, Cleveland, Ohio
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Why manufacturers need to see energy in a different light: Current approaches to energy management yield quick savings, but leave plant managers searching for ways of improving on those early gains.
Electric motor power measurement and analysis: Understand the basics to drive greater efficiency; Selecting the right control chart; Linear position sensors gain acceptance
Protecting standby generators for mission critical facilities; Selecting energy-efficient transformers; Integrating power monitoring systems; Mitigating harmonics in electrical systems

Annual Salary Survey

Participate in the 2013 Salary Survey

In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.

Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.

2012 Salary Survey Analysis

2012 Salary Survey Results

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.