Cyber Disruption Puts Manufacturing Revenue at Risk
Article Summary
Cyber disruption can put manufacturing revenue at risk even without physical damage, which makes business interruption coverage a critical part of cyber insurance. A ransomware event, system outage, or vendor disruption can halt production and delay shipping, so manufacturers need to understand how their policy responds across their own operations, partners, and supply chain.
Most manufacturers are familiar with business interruption coverage on their property policy: the protection that kicks in when a fire, flood, or equipment failure forces a shutdown. But business interruption is equally critical for your cyber policy, and it operates differently. A cyber event does not need to physically damage your facility to bring operations to a halt. Locked systems, corrupted data, or a compromised vendor can stop production, freeze shipping, and eliminate revenue, all while your fixed costs keep running.
Ask yourself: if key aspects of your business were down for one to two months, or even one to two weeks, how much revenue could you lose? For most manufacturers, the answer is significant. In a worst-case scenario, an uninsured or underinsured business may not recover at all. A well-structured cyber policy with robust business interruption coverage can be the difference between a disruption you manage and one that ends your business.
One important detail to understand is the waiting period, which functions like a time-based deductible. Your policy does not activate until your systems have been down longer than the waiting period threshold. Most well-positioned manufacturers carry 8- or 12-hour waiting periods. Businesses with weaker security controls may face 72-hour or longer waiting periods, if carriers are willing to offer the coverage at all. Shorter waiting periods mean faster protection; negotiating them requires demonstrating strong risk controls to your insurer.
The Six Business Interruption Coverages Manufacturers Should Know
There are six distinct business interruption and system failure coverages that manufacturers should verify are included in their cyber policy, ideally at the full policy limit. They fall into three pairs, each addressing a different source of disruption: your own systems, your technology partners, and your supply chain.
Your Own Operations
- Business Interruption: Covers loss of income when a cyberattack takes down your own systems. If ransomware encrypts your ERP or production management software, this coverage replaces revenue lost while your systems are being restored.
- System Failure: Covers loss of income from an internally triggered system failure, not a cyberattack. This most commonly occurs when your IT team deploys a software update that conflicts with existing system configurations, causing an unplanned outage. Even well-intentioned maintenance can create costly downtime, and this coverage ensures you are protected when it does.
Your Technology Partners (Dependent Coverages)
- Dependent Business Interruption: The same as standard business interruption but triggered by a third-party technology provider's cyber event, not your own. For example, a cloud hosting or SaaS platform your business depends on is taken offline by an attack. Even though you were not the target, your operations are disrupted. This coverage replaces lost income during that outage.
- Dependent System Failure: The same as system failure but triggered by a third-party technology provider's internal failure. A real-world example is the July 2024 CrowdStrike Falcon Sensor outage, caused by a faulty software update, that crashed approximately 8.5 million systems worldwide. Estimated losses reached $1.94 billion in healthcare and $1.15 billion in banking. Large manufacturers lost an estimated $6 million each, with smaller manufacturers also absorbing substantial losses over the five-day recovery. That was not a cyberattack. It was a vendor's system failure that cascaded directly into their customers' operations.
Your Supply Chain (Non-IT Vendors)
- Non-IT Business Interruption: Extends dependent business interruption to non-technology vendors and suppliers. For example, your business sources critical components exclusively from a single supplier. That supplier experiences a cyberattack and cannot fulfill orders for at least a month. This coverage can offset lost income and cover the increased costs of sourcing from an alternative vendor on short notice, including expediting fees and premium pricing needed to meet production deadlines and avoid contractual delay penalties.
- Non-IT System Failure: Extends system failure coverage to non-technology vendors. If a supplier's internal system failure, such as a failed update to their inventory or logistics platform, delays delivery of critical raw materials, this coverage helps protect against the resulting disruption to your production schedule. As manufacturers integrate more deeply with digitally connected supply chains, this exposure continues to grow.
Coverage note: All six coverages should be explicitly verified in your cyber policy. Sublimits, waiting periods, and exclusions vary significantly by carrier. Work with your Risk Advisor to confirm that business interruption coverage, across all three source categories, is written to the full policy limit wherever possible.
As manufacturers become more technologically integrated, and more dependent on the technology decisions of their partners and suppliers, the exposure to business interruption loss extends well beyond your own walls. A well-structured cyber policy accounts for all three layers of that exposure. The question every manufacturer should be able to answer is: how much could our business lose if a cyber event hit us, our technology partners, or our supply chain? If you do not have a clear answer, that conversation needs to happen before your next renewal.