Cyber for OT/ICS in Manufacturing: Wording & Incident‑Response Checklist

Note: Coverage quick‑pick for manufacturers (OT/ICS)

  • Device bricking: Ensure explicit coverage to replace/reflash PLCs/HMIs rendered inoperable by malicious code or corrupted updates.

  • System‑failure BI trigger: Seek BI that responds to unintentional/accidental OT system failure (not only confirmed cyberattacks).

  • Contingent BI (suppliers): Extend dependent/contingent BI to critical suppliers’ OT/ICS and OEM‑managed control systems.

  • Regulatory watch (Canada): Track Bill C‑26 (Critical Cyber Systems Protection Act) developments for critical infrastructure; align controls with Canadian Centre for Cyber Security guidance.

Sources: Canadian Centre for Cyber Security, Government of Canada updates on Bill C‑26.

Cyber Risk Management for Operational Technology (OT) and Industrial Control Systems (ICS) in Manufacturing

Last updated: November 2025

OT/ICS cyber shopping checklist (what underwriters will expect)

  • MFA on remote access and all privileged accounts (including vendor access)

  • Network segmentation between IT and OT; least‑privilege firewall rules; no flat networks

  • Backups: offline/immutable copies of PLC logic, HMI configs, and historians; periodic test restores documented

  • Asset inventory of OT/ICS (PLCs, HMIs, firmware versions, interfaces) and configuration baselines

  • Patch and vulnerability management for OT where vendor‑supported; validated hotfix process with OEM/integrator

  • EDR/AV on Windows/Linux servers and HMIs; application whitelisting where feasible

  • Secure remote access (jump hosts, VPN with MFA, session recording) for OEMs/integrators

  • Email security controls and ongoing phishing awareness training for plant and engineering teams

  • Incident response plan covering OT, exercised via tabletop in the last 12 months; clear insurer hotline steps

  • Logging and time‑synced event retention for PLCs, HMIs, historians, and engineering workstations

Carrier wording landscape at a glance (OT/ICS)

| Topic | Typical baseline | Watch‑outs | Stronger positions to seek |
| --- | --- | --- | --- |
| Computer System definition | IT systems clearly included | OT/ICS not named; ambiguous “computer” | PLCs, SCADA, DCS, HMIs, historians explicitly included |
| System failure BI trigger | BI for malicious cyber events | BI only after “confirmed attack”; IT‑only | BI triggered by accidental/unintentional OT system failure |
| Bricking coverage | Sometimes for IT endpoints | Silent on OT devices; “repair vs replace” limits | Explicit bricking coverage for PLCs/HMIs incl. replacement/config |
| Cyber‑physical carve‑backs (Property/EB) | Broad cyber exclusions | No carve‑back for OT‑caused PD/BI | Named carve‑backs for cyber events impacting OT/plant equipment |
| Contingent BI (suppliers) | Named IT service providers | OT at OEMs/contract mfrs excluded | CBI for suppliers’ OT/ICS outages and critical third parties |
| Waiting period & sublimits | Standard hours and IT sublimits | Longer waits for OT; low sublimits | OT‑specific waiting period options; adequate sublimits/extended indemnity |
| Data restoration | IT databases/files | Historians/recipes excluded | Restoration of historians, batch/recipe data, configs |
| IR panel access | IT forensics panel | No ICS expertise | Access to ICS/OT IR vendors and OEM coordination |
| Breakdown vs cyber interplay | Mechanical breakdown only | Cyber excluded across forms | Coordinated property/EB with cyber carve‑backs for OT events |
| Regulatory/Canada fit | General privacy | Limited Canada language | Coverage for Canadian investigations/notifications where applicable |

Alignment reference: Canadian Centre for Cyber Security OT guidance (cyber.gc.ca); ensure policies contemplate Canadian breach obligations where relevant to your data flows.

Policy wording quick‑check (OT/ICS)

| Term | Quick check (what to confirm in your policy) |
| --- | --- |
| PLC | Explicitly included in “Computer System”/OT definitions; restoration and reprogramming covered. |
| SCADA | SCADA, DCS, HMI, and plant historian named or clearly encompassed; data restoration and recovery costs covered. |
| Bricking | “Bricking” or permanent inoperability of devices covered (whether from malicious code or corrupted updates). |
| System failure trigger | BI triggers on unintentional/accidental system failure affecting OT/ICS—not only confirmed external attacks. |
| Qualifying‑period BI | Waiting period applies to OT outages; confirm hours, sublimits, and any extended indemnity options. |
| Contingent BI | Dependent/contingent BI includes supplier OT/ICS disruptions and critical third‑party control systems. |

Market access: Summit places OT‑aware cyber with leading markets such as Beazley, CFC, and Chubb, and coordinates property/EB with appropriate cyber carve‑backs. Availability depends on risk profile and underwriting.

Canada compliance quick‑note: Align OT/ICS risk management with Canadian Centre for Cyber Security guidance (Cyber Centre) and PIPEDA obligations (e.g., safeguards, breach assessment/reporting). Ensure incident logs, vendor data‑processing agreements, and notification workflows are in place; confirm policies contemplate regulatory investigations and privacy claims where applicable. Sources: Cyber Centre (cyber.gc.ca); PIPEDA (Office of the Privacy Commissioner of Canada).

Related: See the Manufacturing Insurance bundle for property/BI alignment: https://www.summitcover.ca/industries/manufacturing

Program Overview: Manufacturing Cyber Insurance for OT/ICS

This guide translates general cyber insurance concepts into the realities of plant-floor OT/ICS. It is designed to help manufacturers align standalone cyber, property/BI, and equipment breakdown policies so PLCs, SCADA, DCS, HMIs, and supporting networks are explicitly within scope—both for cyber events and non-malicious system failures.

Use this alongside Summit’s Cyber Insurance overview and the broader Manufacturing Insurance bundle. Together, these pages outline how to negotiate clear definitions (e.g., “Computer System”), ensure BI triggers for OT failures, secure carve-backs where cyber exclusions exist, and extend contingent BI to critical suppliers’ control systems.

A practical manufacturing program typically ensures: 1) standalone cyber with OT-inclusive definitions and IR vendor access, 2) property/BI with cyber carve-backs and system failure triggers for OT assets, and 3) equipment breakdown where applicable for control-system-connected machinery.

Representative OT/ICS loss scenarios to validate in your policies

  • Device “bricking”: PLCs/HMIs rendered inoperable after malicious firmware tampering or corrupted updates; recovery and BI hinge on OT-inclusive system failure triggers.

  • PLC logic tamper: Unauthorized changes to ladder logic cause scrap, quality issues, and downtime; look for coverage of restoration, data reconstitution, and resulting BI.

  • SCADA historian loss: Corrupted/deleted plant historian and batch records force controlled shutdowns, quality investigation, and potential recall; confirm data restoration and BI are triggered even absent confirmed external attack.

Updated: September 12, 2025

This page explicitly addresses PLC and SCADA risks including device bricking, system failure triggers, dependent BI exposures, and potential cyber‑physical injury in manufacturing environments.

Effective cyber insurance for manufacturers increasingly requires specific attention to the protection and incident response capabilities covering OT/ICS environments—including PLCs, SCADA, and HMI systems. This guide provides key policy wording checkpoints, an incident response checklist, and advice for managing OT/ICS supplier dependencies.

Key Wording Checkpoints for Manufacturing Cyber Policies

When negotiating or reviewing your cyber insurance or property/business interruption (BI) coverage, ensure the following are addressed:

1. OT/ICS Assets Included in Computer System Definition

  • Confirm that OT/ICS components (including PLCs, SCADA, DCS, and HMI) are explicitly included in the policy's definition of "Computer System" (or equivalent term).

  • Example wording: "Computer System includes any programmable logic controller (PLC), supervisory control and data acquisition (SCADA) system, distributed control system (DCS), human-machine interface (HMI), or associated industrial control system within the insured’s operations."

2. System Failure and Business Interruption Trigger

  • Ensure BI coverage triggers on both direct attacks and non-malicious or accidental system failures that impact OT/ICS, not just IT systems.

  • Example: “System Failure includes the unintentional or accidental failure of any Computer System, including OT/ICS, resulting in interruption of normal business operations.”

3. Physical Damage (PD) and Business Interruption (BI) Carve-Backs

  • Look for explicit carve-backs reinstating BI/PD coverage where losses are caused by a cyber event impacting OT, even if a “Cyber Exclusion” exists elsewhere in the property/BI policy.

  • Example: “This exclusion shall not apply to loss or damage to insured property or business interruption resulting from a Cyber Event affecting any industrial control system, programmable logic controller, or process automation network.”

4. Incident Response (IR) Costs and Panel Access

  • Confirm the policy provides for emergency IR costs specific to OT incidents (forensic analysis, system restoration, communications, regulatory reporting), not just IT endpoints.

  • Ensure you have access to insurers’ preferred ICS/OT cybersecurity vendors, not only general IT response firms.

5. Supplier/Production Network Dependencies

  • Confirm supplier disruption coverage applies to losses arising from cyber events impacting critical OT/ICS at third-party locations (contingent BI).

  • Example: "Contingent Business Interruption covers losses arising from a Cyber Event affecting any critical OT/ICS assets of direct suppliers or critical third parties."

OT Incident Response Panel: Essential Workflow

Manufacturers should maintain an incident response (IR) plan that aligns with the following workflow:

  1. Immediate Detection and Isolation

     • Initiate detection monitoring (SIEM/ICS security appliances)

     • Segregate affected OT networks as feasible

  2. Engage ICS/OT Incident Response Panel

     • Notify insurer’s hotline and ICS specialists (panel response)

     • Activate legal/privacy counsel for notification and privilege

  3. Forensic Investigation & Assessment

     • Collect/mirror affected HMIs, PLCs, plant historian logs

     • Interview engineering/OT teams; document affected systems

  4. Restoration & Recovery

     • Validate backup integrity (air-gapped preferred)

     • Coordinate controlled system reboots; avoid re-infection

  5. Regulatory & Stakeholder Communications

     • Prepare compliance notifications (cybersecurity, privacy, safety)

     • Update key stakeholders (management, EHS, legal, production)

  6. Post-Incident Review

     • Update playbooks and technical defenses (network segmentation, MFA)

     • Debrief with insurer for claim documentation

10‑Step OT Incident Response Checklist (print‑friendly)

  • [ ] 1) Protect people and equipment: verify safety interlocks, E‑Stops, and process safety systems; escalate to EHS.

  • [ ] 2) Triage and isolate: segment affected cells/lines; block remote access; preserve power to PLCs to retain volatile data where safe.

  • [ ] 3) Notify carrier panel: call your insurer’s hotline; request ICS/OT‑specialized IR vendors and breach counsel (privilege).

  • [ ] 4) Legal hold and logging: initiate evidence preservation for HMIs/engineering workstations, PLCs, historians, and network captures.

  • [ ] 5) Scope OT impact: catalogue affected PLCs, firmware, ladder logic versions, HMI nodes, historian tags, and quality/batch dependencies.

  • [ ] 6) Backup integrity check: validate golden images, logic backups, and configs (prefer air‑gapped, hash‑verified copies).

  • [ ] 7) Eradication plan: remove malicious code/update corruption; coordinate OEMs/integrators for validated patches and firmware.

  • [ ] 8) Staged restoration: reflash/reload PLC logic; rebuild HMIs and historians; test I/O and interlocks in a controlled environment first.

  • [ ] 9) Production re‑start: run with enhanced monitoring; confirm quality, OEE, and safety metrics before full ramp.

  • [ ] 10) Claims and lessons: document BI start/stop times, waiting period, sublimits; update playbooks, segmentation, MFA, and vendor access.
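
Steps 5 and 6 of the checklist, sketched as an added example (not Summit's or any insurer's tooling): it compares observed controller state against a recorded baseline to scope impact, and accepts a backup for restoration only if its hash matches that baseline. Asset names, field names, and all sample data are constructed for illustration; in practice the backups would be files read from offline media.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: BASELINE = pre-incident inventory, OBSERVED = state read
# back during scoping, BACKUPS = logic exports from offline media (bytes, not files).
BASELINE = {
    "PLC-LINE1": {"firmware": "2.4.1", "logic_sha256": sha256(b"line1 logic rev7")},
    "PLC-LINE2": {"firmware": "2.4.1", "logic_sha256": sha256(b"line2 logic rev3")},
    "HMI-CELL4": {"firmware": "1.9.0", "logic_sha256": sha256(b"cell4 screens rev12")},
}
OBSERVED = {
    "PLC-LINE1": {"firmware": "2.4.1", "logic_sha256": sha256(b"line1 logic rev7")},
    "PLC-LINE2": {"firmware": "2.4.1", "logic_sha256": sha256(b"line2 logic TAMPERED")},
    "HMI-CELL4": None,  # no response: candidate "bricked" device
    "PLC-TEMP9": {"firmware": "0.0.1", "logic_sha256": sha256(b"unknown")},
}
BACKUPS = {
    "PLC-LINE1": b"line1 logic rev7",
    "PLC-LINE2": b"line2 logic rev2",  # stale export, does not match baseline
}

def scope_impact(baseline, observed):
    """Step 5: list findings per asset by comparing observed state to baseline."""
    findings = {}
    for asset in sorted(set(baseline) | set(observed)):
        base, seen = baseline.get(asset), observed.get(asset)
        if base is None:
            findings[asset] = ["not in baseline inventory"]
        elif seen is None:
            findings[asset] = ["unreachable"]
        else:
            diffs = [f"{k} changed" for k in ("firmware", "logic_sha256") if seen[k] != base[k]]
            if diffs:
                findings[asset] = diffs
    return findings

def verify_backups(baseline, backups):
    """Step 6: a backup is restorable only if its hash equals the baseline hash."""
    status = {}
    for asset, base in baseline.items():
        blob = backups.get(asset)
        ok = blob is not None and sha256(blob) == base["logic_sha256"]
        status[asset] = "ok" if ok else ("missing" if blob is None else "hash mismatch")
    return status

if __name__ == "__main__":
    print(scope_impact(BASELINE, OBSERVED), verify_backups(BASELINE, BACKUPS), sep="\n")
```

The output of both functions, with timestamps, is the kind of record step 10 asks for when documenting affected systems for the claim.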

Want a 1‑page PDF of this checklist for your plant wall? Request it via our Contact page: https://www.summitcover.ca/contact-us

Supplier/Third-Party Dependency Guidance

  • Map all critical upstream/OEM vendors and automate assessment of their cyber resilience, covering OT supply chain exposure (e.g., process valve/robotic integrators) as well as IT.

  • Require suppliers to maintain minimum OT-specific cyber hygiene (e.g., software patching of PLCs, endpoint monitoring).

  • Negotiate regular tabletop exercises involving both your own and key suppliers' OT/ICS teams to simulate coordinated incident response.


For a dedicated manufacturing cyber review or to access insurer ICS/OT incident response panels, contact Summit Commercial Solutions.