23 October 2017 Insurance

Cyber physical damage a growing concern

The risk of physical damage arising from a cyber attack is a growing area of concern, driven by recent incidents and the potential scale of future events, according to Tom Harvey, product manager of RMS Cyber Solutions.

There is a huge amount of variety this physical damage can take, he suggested, and RMS tends to focus on areas such as fire or explosion and property damage.

One example would be hackers gaining access to a company’s network operation centre and subsequently to multiple offshore oil rigs, which would then allow them to interfere with the control or safety systems.

“On certain types of oils rigs it’s possible to cause explosions and fires,” Harvey continued. “We explore these scenarios with penetration testers that work in the energy industry. There is a real concern that a malicious actor could—through cyber means—take down an offshore oil rig, which would be huge.”

Harvey cited a 2014 cyber attack on a German steel mill when a blast furnace was targeted, causing an explosion, as detailed in an annual report of the German Federal Office for Information Security (BSI).

“Attackers hacked the corporate network and gained access to the production systems and systematically interrupted the control systems. This caused a blast furnace to explode, causing substantial physical damage to the property,” he said.

Another concern of the industry, according to Harvey, is when a cyber attack is considered an act of terrorism or an act of war, and whether the insurance industry would foot the bill.

He cites the Lazarus Group, a North Korean group of hackers that were rumoured to be involved in the theft of money using the SWIFT interbank lending system, and were close to stealing $1 billion from that attack.

“State-sponsored actors are not looking just to cause physical damage, but also to steal money, interrupt business and cause general economic disturbance. There is a huge range of cyber attacks state-sponsored groups can carry out. The question is whether the insurance industry picks that up? In an ideal world, no.

“It’s not the job of the insurance industry to pick those up, it’s an act of physical war. The difficulty with cyber is the attribution to a specific group. Given that you have these loosely connected groups, and given that forensically going through digital records to identify the actor involved is so difficult, a lot of the risk is sitting on the balance sheets of insurers today,” Harvey concluded.

Get the latest re/insurance news sent to your inbox every day -  Sign up to our free email newsletters

Other stories from the Baden-Baden Day One newsletter

EMEA will not escape the fallout from the US storm losses: Swiss Re

Only a brave underwriter will volunteer a reduction now

Disruption will be central theme of Baden-Baden 2017 meeting

Excess capital will protect ratings

Lloyd’s and Bermuda reinsurers at risk from nat cat losses

US–EU agreement unlikely to mean demise of legal entities

Cedants want tech to deliver transparency

Blockchain faces uphill battle against insurers’ scepticism

Cat capacity up as reinsurers seek growth

Reinsurance innovation will help enable sustainable growth

Using Lloyd’s to expand brokerage business

European reinsurers will benefit if NFIP buys more cover

Capacity will move to stable Europe

Reinsurtech set to transform the industry

In Baden-Baden to negotiate—and drink beer

Regional reinsurers remain undiminished in their importance

A new type of partnership

More growth ahead: GIC Re

Don't miss our insurtech email newsletter - sign up today

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk