After Paul Hartgen was charged with finding new products and services to assist members of the National Association of Manufacturers (NAM), he helped develop various initiatives that would increase member value and make NAM a one-stop-shop for manufacturers.
Through surveys and other input from members, various ideas “bubbled up,” says Hartgen, NAM’s vice president of member and business services. Some of those ideas included ways to improve health care, retirement programs, and shipping while connecting U.S. manufacturers with each other.
“We also looked at how to mitigate risks in the supply chain,” Hartgen adds.
But not much was being requested when it came to cybercrime, although barely a day went by without something in the news about a ransomware case. “This was not something that the industry was running to us and clamoring for,” Hartgen says, adding that NAM took the lead. “Based on our knowledge, this is a serious risk to the supply chain.”
As he studied more about cybercrime and discussed ideas with NAM’s leadership, he realized that insurance products only covered losses after an attack. That led him to Coalition, an insurance company that provides protection along with proactive cybersecurity tools to reveal threats before they happen. “Coalition’s whole approach is to mitigate cyber risk, so they don’t have to pay a cyber claim,” Hartgen says. “To me, that is a really smart model.”
NAM Cyber Cover
Last year, NAM teamed up with Coalition and AHT Insurance, an insurance broker, to offer the new product called NAM Cyber Cover to NAM members. The product was built for manufacturers and includes coverage for pollution and bodily harm that are caused by cyber incidents. Through April, about 15 trade associations that are NAM members and about 30 manufacturers had taken the coverage. The Flexible Packaging Association (FPA) is among them and is now offering access to the coverage to FPA members.
“The more we looked at it, the more we liked it because they start with a cyber risk assessment,” Hartgen says. That assessment is free and can be done quickly. A company can then decide whether it wants the full coverage, which includes around-the-clock monitoring, as well as coverage from losses caused by an attack. “The assessment shows what needs to be updated and what a company needs to do.”
NAM Cyber Cover is available to small and mid-sized companies because larger companies usually have the resources to provide thorough information technology (IT) and operational technology (OT) coverage of their operations, says George J. Forrester, a partner with AHT Insurance, which specializes in manufacturing sectors. This target market would be companies with about $2 million to $1 billion in annual sales, he explains.
Cybercriminals have become more sophisticated and have gone beyond targeting IT and are focusing on the OT of manufacturers, Forrester and Hartgen say.
Forrester points out that every business has fire insurance, but the odds of a devastating fire are less than 1%. However, the odds of a cyber breach are more than 60%.
That is where the cyber risk assessment should be utilized by small and medium-sized companies, even if they don’t end up buying the insurance, Forrester and Hartgen say. The assessment requires some basic information: the company name, the number of workers, and an estimate of annual sales.
“With that, they pull a seven- to eight-page cyber risk assessment that is of extreme value and that is a snapshot in real-time of vulnerabilities,” Forrester says, adding that the report will benchmark a company against other industries from a vulnerability standpoint. “Then, the approach is to set up a call—anyone with responsibility for insurance but also those who are in IT or OT.”
Coverage starts at $1 million, which might cost several thousand dollars, depending on sales, he says. “It is very tied to your sales. We added coverage to include injuries to workers caused by a machine malfunction during a hack, property and machine damage, as well as pollution. Central to the coverage are the mitigation efforts, such as the assessment and ongoing monitoring.”
Forrester gave a presentation about NAM Cyber Cover during FPA’s Annual Meeting in March. The flexible packaging industry, like any manufacturer with a long supply chain, is just as vulnerable as any business, he suggests. The services include reports on the cyber health of up to five vendors, which could inadvertently open a backdoor that cyberthieves could use to gain access to systems. Policyholders then get monthly updates on the vendors. “These hackers don’t segregate,” he says. “They really are out there looking at all the networks and where they can find vulnerabilities. It could be anything. They are targeting opportunities more than anything else.”
Even though attacks keep escalating, Forrester says, NAM Cyber Cover can be a tough sell. He points out that companies often have established insurance agents and brokers, so they are hesitant to take on a new insurance vendor. He is clear with them that he isn’t trying to obtain the overall insurance package. He likens Coalition’s NAM Cyber Cover to a health care specialist, where you go to a specific doctor for a specific disorder, and most general insurance coverage does not offer the same protection.
“I think anybody who has an incident is an easy sale,” Hartgen says. “They are the best customers. The second-best customer is when the person takes the time to really compare policies and programs. One of the coolest tools is that you can add in five other vendors that you work with, and you get a monthly report on their cyber hygiene.”
“When you get a CFO or a CEO who understands what is being offered, it really is a no-brainer,” Hartgen continues. “The challenge we have is that a lot of smaller businesses probably think it is never going to happen to them, but when it does the impact is felt up and down the supply chain.”
Thomas A. Barstow is senior editor of FlexPack VOICE®.