Manufacturers don’t operate alone; OEMs and integrators are effectively ‘in the house.’ That’s where third‑party risk shows up. OEMs can derail production with bad or late parts, breakdowns, logistics disruption, recalls and remote-access cyber exposure. Integrators can raise your cyber risk even more because they are often granted higher-level access in order to configure systems.
Jen Warman is a Senior Client Executive with more than 14 years of experience supporting manufacturers and other complex Canadian businesses. In this article, she breaks down OEM and integrator risks that can disrupt manufacturing processes, as well as the practical steps to reduce them.
Almost everything that manufacturers do involves a third-party to some degree, be it where you get your supplies from, where you ship your goods to or the partners who touch your operations.
While it’s easy to focus on the risks within your ‘four walls,’ the reality is working with third parties — like OEMs (original equipment manufacturers) and integrators — puts manufacturers in a vulnerable position.
While you can’t control third-party risk, you can control how you react. This starts with understanding the difference between OEM and integrator risk, what can go wrong and how to reduce the impact when things don’t go as planned.
“Third-party risk can be just as crippling as first-party risk.“
Jen Warman, Senior Client Executive, Acera Insurance
OEMs and integrators in manufacturing: What’s the difference?
OEMs make the products or the components, often the machines and parts that manufacturing operations rely on.
Integrators assemble, customize and implement those products into a usable system. They usually configure connections, operations and structure in manufacturers’ environments.
That difference matters because:
- OEM risk can hit manufacturers through parts, production, support and defects.
- Integrator risk can increase cyber vulnerability through access and configuration.
What risks do OEMs create in manufacturing
When manufacturers rely on an OEM, especially for critical machines and components, risk tends to show up in a few specific ways:
Bad parts or late parts
If your OEM or supplier sends a bad part or a late part, you can’t complete the job. Quality issues and counterfeit parts can sneak in, leaving you to deal with failures you didn’t cause.
OEM breakdowns and service problems
OEM breakdowns can hit you fast. Their machine breaks down, and suddenly you’re not getting parts, so production stops. Plus, there’s a point when most OEMs stop supporting older machines, making it difficult to get parts or repairs.
Design or software problems
A lot of OEM risk falls into design and software problems with their machines. The bigger one people miss is locked‑in technology, which is when only they can do the updates or repairs. If the OEM is slow, unavailable or closed, your investment is at risk.
Logistics disruption and recall exposure
Logistics disruption can delay or stall shipments. And if a defective component that someone else produced ends up inside your end product, you can land in recall territory, because it’s your finished product going out the door.
“OEM risks are anything can impact your ability to produce, ship and stay profitable.“
Jen Warman, Senior Client Executive, Acera Insurance
What risks do integrators create in manufacturing
Integrators assemble, customize and implement systems. This usually means they have the highest level of access, because they’re configuring machines and systems.
As a result, if an integrator’s access isn’t controlled properly, or if their cyber practices are inadequate, you can inherit cybersecurity risks that you didn’t create.
OEMs, integrators and third-party cyber risks in manufacturing
A growing cyber risk right now stems from systems owned and managed by vendors that manufacturers log into themselves. So, you essentially take on the risk of that vendor when you are logged into their system.
Or, on the other side of it, a lot of vendors are now logging into manufacturers’ systems to troubleshoot, update software or manage equipment. This also presents significant cyber risks.
Manufacturers need to be aware of how vendors’ poor cybersecurity practices can cross over to affect their own operations. For example:
- If OEMs and integrators use weak or shared passwords, cybercriminals can more easily access systems and disrupt production.
- If OEMs and integrators do not remove old accounts, theirformer employees/users may still be able to access your systems.
- If OEMs and integrators use unsecured devices, this creates an opening for cybercriminals to enter your environment.
- If OEMs and integrators use poorly segmented networks, cybercriminals can more easily jump into and attack your system.
- If OEMs and integrators have unpatched software, this creates holes in your own cybersecurity and operations.
7 steps to reduce OEM and integrator risk in manufacturing
You can’t necessarily control third parties, but you can minimize threats by following best practices and ensure you have insurance to fall back on if those precautions fail.
“You can’t eliminate third party risk, but you can greatly reduce it by having the right strategies in place.“
Jen Warman, Senior Client Executive, Acera Insurance
Here are the steps manufacturers should take:
1) Know who your critical suppliers and integrators are
Start with visibility. Know who they are and how critical they are to your ability to produce and ship.
Why: The biggest risk is the unknown. Once you know who your critical partners are, you can plan how you’ll react to potential risks.
2) Use strong contracts with clear expectations and insurance requirements
Your process should always outline clear expectations and clear insurance requirements.
Why: Strong contracts are foundational to reducing third-party risk. Clear contractual language makes it obvious who’s responsible for what and what protection is in place.
3) Make “additional insured” a standard request
Being listed as an additional insured means you’re covered under the vendor’s policy if their work or product causes a loss. Make sure to get a certificate that lists you as an additional insured on their insurance policy.
Requesting to be an additional insured should be part of every conversation when you have someone doing work for you.
Why: Because you don’t want to be on the hook for a vendor’s mistake. Additional insured status can help push the claim through their insurance coverage, not yours.
4) Check if your vendors carry cyber insurance
Cyberattacks are one of the biggest risks leading to lost income these days. If a vendor’s work increases your cyber vulnerability, you need to know they have cyber insurance as an extra layer of protection.
Why: Because when a vendor logs into your system and touches your operations, their cyber insurance policy is one more backstop if cybersecurity precautions fail.
5) Limit and monitor third‑party access to your systems
Limit, monitor and be intentional about who gets access, especially for integrators with higher-level configuration access.
Why: Strict access controls help to reduce the likelihood that a vendor’s cyber issue will turn into operational disruptions for you.
6) Build redundancy so one problem doesn’t stop everything
Maintain backup suppliers, multiple sourcing options across different geographic regions, extra stock on hand and alternative transportation routes.
Why: Redundancy keeps production moving. When one link in the supply chain breaks, you’ve already got another option ready to go.
7) Review your own insurance limits
Regularly review your own manufacturing insurance program limits (particularly for cyber insurance and contingent business interruption insurance) to ensure they remain sufficient.
Why: A quick check can ensure your insurance coverage aligns with the reality of rising costs.
Manufacturing insurance for third-party risks
The following are just some of the coverages that commonly help protect manufacturers from first-party risks, or those within their ‘four walls’:
- Commercial general liability insurance (CGL) to cover legal expenses if your operations or products cause bodily injury or property damage.
- Commercial property insurance to cover costs for repairing or replacing damaged or destroyed physical assets (i.e., building, machinery, equipment, inventory, furniture).
- Business interruption insurance to cover lost income and ongoing expenses when you’re forced to suspend operations due to a covered property loss.
- Equipment breakdown insurance to cover the cost for repairing or replacing equipment (i.e., mechanical, electrical, pressure) that suddenly or accidently broke down.
But manufacturers should also consider the following coverages to protect themselves from third-party OEM and integrator risks:
| Coverage | What it protects against |
|---|---|
| Cyber insurance | Can protect against cyberattacks and ransomware, including vendor-caused incidents and outages. |
| Contingent business interruption insurance | Can cover loss of income related to supplier-related outages, such as supply chain failures that halts productions. |
| Product recall insurance | Can help cover the cost of pulling products back, which is critical when your product includes pieces produced by someone else. |
| Product liability insurance | Can help respond if your product injures someone or causes property damage, again a critical coverage when relying on OEM parts. |
As always, it’s important to remember that insurance isn’t one-size-fits all, especially when third-party risks are involved. Talk with a manufacturing insurance specialist to review your risks and your policies so you clearly understand what you’re covered for.
OEM and integrator manufacturing risks are manageable
My overarching message to manufacturers is simple: look outside your four walls. Third-party risk can be just as crippling as first-party risk. You can’t necessarily control it, but you can set up best practices to avoid those situations. And you can put the right insurance in place, so you have something to fall back on if those precautions fail.
If you’re not sure where your gaps are today, start with two things:
- map your OEM and integrator relationships (and who has access), and;
- review your contracts and your coverage so there are no surprises when there’s a loss.
FAQs: Third-party risks in manufacturing
Acera Insurance’s Jen Warman answers six questions about third-party risks in manufacturing:
Third‑party risk management looks specifically at risks coming from outside your four walls, such as suppliers, contractors, OEMs, integrators, logistics providers and anyone who touches your operations.
Third-party risk management is one component of overall risk management, which also includes internal risks from employees, equipment, finances, safety plans and assets you directly control.
Supply chain risks in manufacturing are the “weak link” problems; when one part of the chain fails, production can stall.
Common risks include relying on a single supplier for a critical component, weather-related delays, transportation disruptions, strikes, political instability, quality issues, natural disasters and changes to import/export rules.
OEM risk is any operational or financial impact caused by what an original equipment manufacturer does or fails to do.
Examples include defective or late components, equipment downtime that shuts down your line, cyber incidents linked to vendor remote connections, disrupted logistics and product recalls tied to supplier-made defects.
Integrators assemble, customize and implement manufacturing products into a usable system.
Because of this, integrators usually have a high level of access since they configure machines and systems for manufacturers. This access expands a manufacturer’s cyber exposure, particularly if integrators do not have robust cybersecurity practices established.
Third‑party cyber risks in manufacturing come from vendors that remotely log into your systems to troubleshoot, update software or manage equipment.
Problems show up when access controls are loose, such as shared passwords, stale accounts, unmanaged vendor devices, flat networks that let attackers move between systems and missing patches. When access is not tightly controlled, it can turn vendor connectivity into a security hole for manufacturers.
Minimizing third‑party risk is an ongoing discipline that requires manufacturers to focus on two things: controlling what you can and building options for what you can’t.
Know your vendors, set clear contractual standards and require proof of insurance (especially cyber coverage) plus additional insured status when it makes sense.
Limit and monitor vendor connectivity, enforce quality management and security controls, and respond quickly to red flags like late shipments, repeated defects or weak communication.
And add redundancy with multiple suppliers, extra inventory and alternative transportation plans.
Share this article:
Also by Jen Warman:
- Insurance as a competitive advantage for Canadian manufacturers
- Global crisis to local disruption: Supply chain challenges for Canadian manufacturers
Jen Warman is a Senior Client Executive at Acera Insurance. With more than 14 years of experience in the insurance industry, Jen specializes in supporting manufacturing companies, contractors and businesses with complex risk profiles. Licensed in both British Columbia and Alberta, she is well-positioned to serve clients across Western Canada. Her mission is simple: to make insurance easy to understand and even easier to manage. Jen takes pride in being a strong advocate for her clients — negotiating the best terms, offering clear advice and delivering a consistently exceptional experience. Whether your business is navigating risk management or looking for a more strategic insurance partner, Jen is committed to helping you thrive. You can connect with Jen at jen.warman@acera.ca or 250.824.2905.
Information and services provided by Acera Insurance, Acera Benefits and any other tradename and/or subsidiary or affiliate of Acera Insurance Services Ltd. (“Acera”), should not be considered legal, tax, or financial advice. While we strive to provide accurate and up-to-date information, we recommend consulting a qualified financial planner, lawyer, accountant, tax advisor or other professional for advice specific to your situation. Tax, employment, pension, disability and investment laws and regulations vary by jurisdiction and are subject to change. Acera is not responsible for any decisions made based on the information provided.
Get a quote.
Simply fill out a few details in our online form and one of our expert advisors will get your quote started.