Introduction
Manufacturing cyber insurance protects operational technology (OT) and industrial control systems (ICS) such as programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and distributed control systems (DCS) from cyber-driven disruption and loss. For Canadian manufacturers operating in British Columbia, Alberta, Saskatchewan, Manitoba, and Ontario, the right program closes gaps between cyber, property, equipment breakdown, and business interruption policies by adding OT/ICS-focused wording and triggers. This page explains core coverages, key triggers (including “system failure”), exclusions to watch, and how Summit structures OT/ICS programs for plants and supply chains.
-
Start here for broader cyber concepts: Cyber Insurance
-
OT downtime and lost production: Business Interruption Insurance
-
Property and equipment at fixed locations: Commercial Property Insurance
-
Construction/retrofit projects: Builder’s Risk
-
Sector overview: Manufacturing Insurance
Who needs OT/ICS‑aware cyber coverage
-
Discrete manufacturers (machinery, fabricated metals, electronics, plastics)
-
Process manufacturers (food & beverage, chemicals, aggregates, pulp & paper)
-
Utilities within plants (boilers, refrigeration, compressed air, water treatment)
-
OEMs and contract manufacturers integrating PLC/SCADA/DCS into lines
-
Operators with remote access, vendor maintenance, or IIoT telemetry
What manufacturing cyber insurance covers (OT/ICS focus)
First‑party (your losses and response costs):
-
Incident response: forensics, legal, PR, and breach coaching aligned to OT/ICS.
-
Data restoration and reprogramming: recovery of control logic, configurations, historian data, recipes, and HMI/SCADA servers when corrupted by malware or malicious activity.
-
OT/ICS business interruption (BI): lost gross profit and extra expense from covered cyber events affecting PLC/SCADA/DCS and plant networks. See waiting periods and maximum indemnity on your Business Interruption terms.
-
Contingent/Dependent BI: loss from outages at critical suppliers, contract manufacturers, logistics providers, or cloud/OT‑managed service providers.
-
Cyber extortion: ransomware payments (where lawful), negotiation, and restoration.
-
Digital asset re‑creation: rebuilding programs, CAD/CAM files, recipes, and software.
-
Hardware “bricking” (where available): replacement of devices rendered non‑functional by malicious code (review sublimits and eligible devices).
Third‑party (liability to others):
-
Network security and privacy liability from security failures, data breaches, or transmission of malware.
-
Media and IP liability (as offered) for digital content and software embedded in products.
-
Regulatory response: defence, fines/penalties where insurable by law.
Coverage triggers to get right for OT plants
-
Security failure: unauthorized access, malware, DDoS, data exfiltration causing downtime or corruption.
-
System failure (no malicious actor required): unintentional outage from software bugs, failed patches, configuration errors, or human error causing OT/ICS downtime. Ensure the definition explicitly includes “failure or disruption of computer systems, including OT/ICS and embedded controllers.”
-
Dependent system failure: outages at named or broadly defined dependent providers (e.g., OT MSSPs, cloud historians, data centers, telecom/ISP) even absent a cyberattack.
-
Utility/telecom failure extensions: where available, extend BI to upstream power, internet, or data‑center failures tied to a cyber or system failure trigger.
-
Voluntary parting/social engineering: add crime/social‑engineering coverage where funds transfer fraud is a concern for procurement/AP.
Exclusions and gaps to watch
-
War/hostile acts and critical infrastructure carve‑outs: understand how these apply to industrial attacks; seek narrowly tailored language.
-
Property damage and bodily injury: standard cyber policies often exclude direct PD/BI. Coordinate with Commercial Property and CGL; explore equipment breakdown and any cyber carve‑backs.
-
Mechanical breakdown vs. cyber: pure wear/tear or mechanical failure is property/equipment territory, not cyber; ensure triggers align with the true loss cause.
-
Legacy/unsupported systems: sublimits or exclusions may apply to end‑of‑life PLCs/OS; document compensating controls.
OT/ICS wording checklist (request the full checklist)
For a comprehensive checklist, contact Summit: Talk to us. Key items we validate in policies and endorsements:
-
Definitions include OT/ICS, PLCs, SCADA, DCS, HMIs, historians, edge gateways, and embedded controllers.
-
System failure and dependent system failure triggers included for BI/extra expense.
-
Restoration costs include re‑imaging, reprogramming logic, and configuration/hardening of PLC/SCADA/DCS, not just “data files.”
-
Bricking/replacement coverage for compromised controllers/IPC/HMI, with realistic sublimits and eligible device lists.
-
Waiting period suited to plant recovery (e.g., 0–24 hours), not office IT norms.
-
Contingent BI for key suppliers/contract manufacturers and critical telecom/hosting providers.
-
OT forensics vendors pre‑approved; panel flexibility to use industrial specialists.
-
Clarified interaction with Business Interruption, property, and equipment coverage to avoid gaps.
OT risk scenarios mapped to coverage modules
| OT/ICS risk scenario | Likely coverage module | Critical trigger/wording to confirm |
|---|---|---|
| Ransomware encrypts SCADA servers; PLCs left online but unsafe to operate | Cyber first‑party (data restoration, BI) | Security failure; restoration includes SCADA/HMI configs; BI waiting period fit for plant |
| Misapplied patch causes DCS crash and 48‑hour shutdown | Cyber BI (system failure) | System failure trigger (non‑malicious); dependent failure if vendor‑managed |
| Cloud historian outage disrupts QA and shipping | Cyber contingent BI | Dependent system failure; named suppliers or broad IT/OT provider definition |
| Malware corrupts PLC firmware leading to device replacement | Cyber “bricking” (if endorsed) + Property coordination | Bricking sublimit and eligible hardware; property/equipment interplay |
| Vendor remote‑access compromise halts a packaging line | Cyber BI + third‑party liability | Security failure; panel OT forensics allowed; contractual liability considerations |
Limits, deductibles, and pricing drivers
Insurer appetite and premium depend on:
-
Revenue, throughput criticality, and single‑point‑of‑failure exposure
-
OT network design (segmentation, firewalls, jump hosts, remote access control)
-
Backup/restore maturity for PLC/SCADA/DCS and recovery time objectives
-
Age/support status of control systems and patch management cadence
-
Incident history, MFA coverage, EDR/AV, logging/monitoring, and tabletop testing
-
Supplier dependence and business continuity planning Refer to broader factors outlined on Cyber Insurance and Business Interruption.
Risk controls that improve insurability (OT‑specific)
-
Enforce MFA and least‑privilege for all remote access to OT (vendors and staff)
-
One‑way data diodes or brokered jump hosts between IT and OT; strict VLAN/zone segmentation
-
Offline and immutable backups of PLC/SCADA/DCS logic and configs; routine recovery drills
-
Application allow‑listing on HMIs/engineering workstations; endpoint protection on Windows‑based OT assets
-
Vendor access management: time‑bound credentials, logging, and monitoring
-
Network monitoring for OT protocols; asset inventory and firmware baselines
-
Formal incident response playbooks that include OT forensics and safe‑restart procedures
How Summit structures manufacturing cyber programs
Summit is a fully independent Canadian brokerage that compares multiple carriers to align cyber, property, and interruption coverages for manufacturers. Typical deliverables include:
-
Side‑by‑side comparisons of cyber forms with OT/ICS endorsements and BI triggers
-
Coordination with Commercial Property and Business Interruption so mechanical breakdown, cyber, and system failure scenarios are clearly allocated
-
Project coverage alignment with Builder’s Risk during control‑system upgrades or line installs
-
Ongoing, dedicated account management and rapid claims support Get started: Contact Summit or explore Manufacturing Insurance.
FAQs
-
Does cyber cover physical damage or bodily injury in plants? Typically no under standard cyber forms; coordinate with property, equipment, and CGL to address PD/BI exposures and seek limited carve‑backs where available.
-
What if downtime is caused by a configuration mistake, not a hack? Look for the “system failure” trigger on BI/extra expense to cover non‑malicious outages that still halt production.
-
Can suppliers’ outages be insured? Yes, via dependent/contingent BI; confirm naming conventions, geographic scope, and whether utility/telecom/data‑center providers are included.
-
Are legacy PLCs insurable? Yes, but expect sublimits, higher deductibles, or additional controls; document backups, segmentation, and monitored vendor access.
-
How fast can claims support mobilize? Summit provides 24/7 claims triage and coordinates insurer‑appointed adjusters and forensics; see Claim Services.