Companies

New Lloyd’s report highlights the increasing risk of cyber-attack to the industrial sector

Image

Lloyd’s, in partnership with cyber analytics specialist CyberCube and reinsurance broker Guy Carpenter, has today launched a new report which examines how ‘Internet of Things’ devices are posing an increasingly high risk of cyber-attack to industrial and manufacturing businesses.


As cyber threats continue to evolve and become more sophisticated, it is crucial for insurers to understand these emerging risks in order to keep pace with their clients’ exposures.

The new report: The Emerging Cyber Threat to Industrial Control Systems, considers potential real-world scenarios which visualise a range of cyber-attacks causing physical damage to major industrial and manufacturing organisations.

Cyber-attack risks have previously been considered unlikely to materially impact the physical market, with cyber perils traditionally emerging in the form of non-physical losses. However, the report looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches. As bridges are increasingly being built between information technology (IT) and operational technology (OT), along with increases in automation and sophistication of threat actors, it is paramount that (re)insurers carefully consider where major losses may occur.

Lloyd’s, CyberCube and Guy Carpenter have conducted an analysis detailing three scenarios which represent the most plausible routes by which a cyber-attack against industrial control systems (ICS) could generate major insured losses. The report considers four key industries dependent upon ICS (Manufacturing, Shipping, Energy, and Transportation) and assesses precedent and potential impact on each.

Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios of business, the report focuses on three potential routes of attack by organised hackers:

  • A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution
  • A targeted attack, in which attackers exploit a vulnerability in widely used Internet of Things (IoT) devices found in industrial settings
  • The infiltration of industrial IT networks to cross the OT “air-gap”.

In one scenario, malware is introduced into the industrial site via malicious software updates and/or installation of new (infected) devices. A logic bomb in the malware delays the activation with specified conditions that can be programmed for maximal impact. Other scenarios could, for example, lead to attackers gaining control of water pumps or temperature regulation systems.

Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management, said: “The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios.

“We know that the risk of ICS-based cyber-physical events is increasing. Because of this, we’ve partnered with CyberCube and Guy Carpenter to create these illustrative scenario pathways based on highly realistic threats and modes of attack.”

Pascal Millaire, CyberCube’s CEO, said: “Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk. The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”

Jamie Pocock, Guy Carpenter’s Head of GC Cyber Analytics – International said: “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life. The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”

Trending
Share this Post:
Posted by IRL Staff

Advertisement

ad ad

Related articles

Patrick Rastiello joins Ardonagh Specialty to lead North America Reinsurance expansion

Ardonagh Specialty has appointed Patrick Rastiello as CEO* of its North American reinsurance operations.   Patrick will be responsible for building Ardonagh Specialty’s US reinsurance...

Global Markets Overview: February 2024

In this Global Markets Overview, we explore our global outlook and share what we think it means for 2024.  https://www.wtwco.com/en-gb/insights/campaigns/global-markets-overview As...

EAMONN CUNNINGHAM WINS RIMS HARRY & DOROTHY GOODELL AWARD

Risk Management Trailblazer Presented with RIMS Highest Honor for Lifetime Achievement in Risk Management  NEW YORK (February 13, 2024) – At the RIMS New Zealand and Pacific Island...

Insurer’s Lease More Than Doubles Its Chicago Office Space

Sompo International Plans Move to 46-Story Tower at 155 N. Wacker A global specialty insurance provider is more than doubling the size of its Chicago office in a move a few blocks north, bucking the trend...

Haynes and Boone, LLP is pleased to announce that Peter A. Halprin has joined the firm as a Partner

Haynes and Boone, LLP is pleased to welcome Insurance Recovery Partner Peter A. Halprin to the firm’s New York City office. A Chambers USA-ranked attorney, Peter joins from Pasich LLP, where...

LIO Specialty Launches Revolutionary Online Portal for Life Science Insurance Solutions

Leading the Excess and Surplus Lines Market with Innovative Coverage for Cannabis and Nutraceutical Industries  West Conshohocken, PA– LIO Specialty Insurance Company proudly announces the launch...