Cyber security: the digital dilemma for manufacturers

Posted on 5 Dec 2015 by Callum Bentley

With manufacturing businesses increasingly resembling software companies and data repositories, legal issues and risks are changing. Weightmans’ Ed Lewis and Kurt Rowe examine the consequences for manufacturing businesses operating in today’s digital age.

The world is in the midst of a digital revolution that’s changing the way we interact and conduct business.

Businesses everywhere are placing a heavy reliance on software and data.  This change is particularly prevalent in the manufacturing sector, where plants are now automated and controlled by computers to such an extent that they bear very little resemblance to their industrial predecessors.

Ed Lewis is a Partner in the Insurance and Reinsurance team at Weightmans LLP
Ed Lewis is a Partner in the Insurance and Reinsurance team at Weightmans LLP

In fact it’s become the norm for manufacturers to depend on software houses to help them in their competitive fight for survivaleven entertaining joint ventures with tech businesses, or acquiring companies, to absorb the skillsets they need.  

These new business models are essential in a world where both process and products have software and digital connectivity at their core.

Recently, security consultant Symantec reported that the manufacturing sector was one of the most targeted sectors for cyber attacks.  

It is clear then that while adapting the typical manufacturing business to take full advantage of the benefits that a digitised work place offers often makes commercial sense, there are also a number of risks that need to be carefully considered at the same time.

It should come as no surprise for any business that relieson software, technology and digital connectivity, that cyber risks are their biggest threat. 

It’s a threat whose profile has risen rapidly in recent times from the concern of IT departments, to a top priority on the agenda of most boardrooms.

Because cyber risks are systemicmanufacturers also have to work hard to rationalise their new exposures and how digitisation is changing the way they approach security

A lack of data coupled with the absence of ahistoric bank of evidence to help calculate either the likelihood of an incident or its impact (in terms of cost) makes that challenge harder still.  

The irony then is that the exposures in this new environment are often about how old risks with which manufacturers will be familiar – fraud; theft; terrorism; corporate espionage; activism, and loss of reputation if a business is incapable of keeping confidential material and data secure – are able to manifest in new ways via advancements in technology

Bear in mind too that cyber risks are not only limited to the manufacturers own organisationoften their supply chain will be just as vulnerable.  

Kurt Rowe is an Associate in the Insurance Market Affairs Group of national law firm Weightmans LLP
Kurt Rowe is an Associate in the Insurance Market Affairs Group of national law firm Weightmans LLP

It’s also important to consider the products that are being manufactured.  A successful manufacturer depends entirely on the quality and durability of their production

Software vulnerabilities can be missed, triggering product liability exposures.  

The shift towards Internet-connected products adds yet a further dimension, creating significant scope for mischief and facilitating new methods of committing cybercrime.  

Further, the manipulation of technology to obtain competitive advantage is just as much a cyber risk as, say fraud via social engineering.  

Lessons can be learned from the current emissions scandal in the automotive industry, which demonstrated that a product with covert and morally questionable function could lead to similar reputational damage as a significant data loss, as well as regulatory and even criminal sanctions.

Consideration should also be given to distribution networks, with distribution companies increasingly looking to add autonomous vehicles such as HGV’s and drones to their fleets.  

There are risks associated with the use of these autonomous technologies which could lead to claims for personal injury, property damage and business interruptionThere is a clear need to fully understand the dangers these autonomous vehicles pose to both property and their employees.  

There are further, less technical issues also requiring consideration, such as employment implications.  Increasingly digitised manufacturing plant, utilising robotic and computer technology, will inevitably lead to a reduction in the traditional human workforce.  

With plant mechanics being replaced with software technicians, and assembly line workers with robots, it’s an impact that has potentially significant social and political consequences. With jobs literally on the line, industrial action seems inevitable.

The employment implications don’t end there, though.  Just this year a worker in an automotive plant was killed whilst repairing a robot.  There are reports that the worker was standing inside the safety exclusion zone when the accident occurred.  

Ed Lewis is a Partner in the Insurance and Reinsurance team and Kurt Rowe is an Associate in the Insurance Market Affairs Group of national law firm Weightmans LLP.

Manufacturers will need to radically overhaul their health and safety protocols and ensure that training is adapted to protect those workers that remain in close proximity with this newly automated technology.  

So it’s clear that for manufacturers to take full advantage of the digital revolution, they will require a totally new mindset. Let’s just hope this change in thinking doesn’t come at the expense of a major loss for which the manufacturing market is wholly unprepared.