Lloyd’s report finds increasing risk of cyber attack on industrial sector

Lloyd’s has partnered with risk analytics firm CyberCube and reinsurance broker Guy Carpenter on a new report examining the increasing high risk of cyber attack to industrial and manufacturing businesses.

Their analysis details three real-world scenarios that represent the most plausible routes by which a cyber attack against industrial control systems (ICS) could generate major insured losses.

The report considers four key industries dependent upon ICS (manufacturing, shipping, energy, and transportation) and assesses precedent and potential impact on each, as well as the three potential routes of attack by organised hackers.

The first route, it said, was a targeted supply-chain malware attack in which malicious actors breach a device manufacturer and compromise its products before distribution. The second being a targeted attack in which attackers exploit a vulnerability in widely used Internet of Things (IoT) devices found in industrial settings, and the third saw the infiltration of industrial IT networks to cross the OT “air-gap”.

The report noted that as these cyber threats continue to evolve and become more sophisticated, it is crucial for insurers to understand these emerging risks in order to keep pace with their clients’ exposures.

Kirsten Mitchell-Wallace, Lloyd’s head of portfolio risk management, said: “The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios.

"We know that the risk of ICS-based cyber-physical events is increasing and because of this, we’ve partnered with CyberCube and Guy Carpenter to create illustrative scenario pathways based on highly realistic threats and modes of attack.”

Pascal Millaire, CEO of CyberCube, said: “The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”

Jamie Pocock, Guy Carpenter’s head of GC Cyber Analytics – International, further explained: “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life.

"The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.