September 3, 2024 4 Ways to Build Resilience in the Face of Tech Outages

How small to mid-size manufacturers can modernize continuity plans to prepare for the unexpected.

By Brett Hoopingarner and Chris Palmer

Imagine starting your day as usual—production lines humming, orders flowing—when suddenly, your entire IT infrastructure goes dark. The disruption isn’t caused by a cyberattack but by a supplier’s failure, a vendor issue, or an outage from a third-party provider, like the recent CrowdStrike and CDK dealership incidents.

In the CDK Global outage, thousands of dealerships across the U.S. lost access to core systems for days, crippling their operations. Similarly, when CrowdStrike experienced a service disruption affecting 8.5 million devices, companies relying on its cloud services—all sizes and from all industries—found themselves vulnerable and supply chains suffered. These weren’t malicious attacks, but the impact was just as significant, leading to widespread chaos and financial loss.

For small- to mid-size manufacturers, these events are a reminder that continuity planning must evolve. It’s no longer just about having a backup location if your facility goes offline, say from a devastating storm. You need to consider, “What do I do if something indirectly impacts me?”

4 strategies to fortify business resilience

The days of old-school continuity planning are over. Risks change daily. If you haven’t given your business continuity strategy a facelift yet this year, it may already be outdated. Here’s how to get started:

1. Build your continuity plan to reflect current risk

• As threats evolve, so too must your approach to managing them. Create a comprehensive continuity plan that reflects today’s risks. Start with regular risk assessments across your business to ensure that plan strategies are current.
• Incident response is key. Your plan should clearly outline who will take the lead during a crisis and identify how communication will be managed, ensuring that everyone involved is trained and capable of responding effectively. Regular tabletop exercises are helpful for evaluating your team’s preparedness and ironing out any weak points before a real incident occurs.

2. Strengthen your security practices

• Your employees are your first line of defense, so set clear expectations about information security and handling sensitive data. Implement security assessments to gauge and monitor your organization’s risk posture. Regularly audit your providers to ensure they’re maintaining the highest standards of security. Effective staffing and training policies are essential to building a culture of preparedness, so your team knows exactly what to do when faced with unexpected challenges.

3. Rethink competitors: Is there potential for crossover?

• The manufacturing landscape has changed, and so should your relationships with competitors. In today’s interconnected world, your competitors can serve as allies—or even business partners.
• It’s time to think “rogue” when forming contingency plans. For example, you might rely on supplier X while your competitor down the road uses supplier Y. Why not establish a backup relationship? If your supplier fails, your competitor’s supplier could step in, and vice versa.

4. Develop a robust communications plan

• In the event of an outage, communication is crucial—not just internally, but with your customers and business partners. If your operating systems go down, your regular communication channels may go with them. Silence can damage your reputation, especially when customers are left in the dark about their orders.
• Consider alternative methods of staying in touch: personal cell phones, backup communication systems, or even a physical printout of key customer information. Having these measures in place can minimize reputational loss and maintain trust with your customers during a crisis.

Do you have the right coverage, limits, and riders in place?

Even the most comprehensive insurance policies may not fully cover your risks. For example, in the recent CrowdStrike incident, significant portions of losses incurred weren’t covered due to coverage exclusions, leaving businesses to bear the brunt. This underscores the importance of working with your insurer to identify coverage gaps and minimize them wherever possible.

• Cyber insurance. Many manufacturers recognize the need for cyber insurance but often carry outdated limits—typically in the $25,000 to $50,000 range—based on the assumption that it “hasn’t happened to us yet.” This thinking is risky in today’s environment, where you’re just as likely to be indirectly affected by a cyber event. Ensuring your coverage reflects current risks is essential to avoiding large, unexpected out-of-pocket losses.
• Business interruption coverage. The CDK Global situation highlighted how limited business interruption coverage can be in certain cases. Having the right coverage is vital to recovering loss of income, extra expenses, and forensics costs. Look for a policy that covers both direct and indirect disruptions.
  
  Another important rider to consider is utility service interruption coverage. In severe weather events like Hurricane Sandy, businesses with this rider included in their business interruption policies were better protected from unexpected outages, which in that case lasted days and even weeks.

Prepare now for unexpected business outages

Traditional approaches to continuity planning are no longer sufficient. Modernize your strategies, which should include regularly assessing and updating your coverages. Prepare for direct and indirect disruptions to maintain operations when unexpected challenges occur. Talk with your local experts, and insurer, for help getting started.

Brett Hoopingarner is the Director of Underwriting for Sentry Insurance. Sentry insures more than 8,000 manufacturers. Learn more at sentry.com.

Chris Palmer works for Sentry’s direct writer segment. Sentry provides property, casualty, life insurance, and retirement products to manufacturers throughout the country. Learn more at sentry.com.

Subscribe to Industry Today