Cyber threat underestimated by engineering insurance
Written by staff reporter
The Internet of Things (IoT) and cloud computing have a direct influence on the engineering insurance risk landscape but are being underestimated by underwriters according to The International Association of Engineering Insurers (IMIA).
A specialist working group established by IMIA to identify the challenges from cyber risks and how they apply to engineering insurance lines reported to the Association’s members at the annual conference in Doha, Qatar today.
Alexander Schmidl, the chair of the IMIA working group, called for increased dialogue between underwriters, brokers and risk managers to promote a greater understanding and awareness of cyber risks in the engineering insurance sector.
“The perception that cyber events do not cause physical damage is being challenged; such damage from cyber risks is a reality and is an issue for all lines of engineering insurance,” Schmidl said.
“Engineering underwriters must address the issue of cyber on all covers they write. Keeping pace with cyber trends is key if they are to remain current in assessing and carrying related risk. Continuous learning will qualify insurers to be long-term risk partners for the industry and its increasingly complex risks.”
Cyber risk can be present anywhere technology and software are used so has the potential to impact right across all phases of an engineering project. The use of Industrial Control Systems (ICS) are another area of increasing vulnerability and loss exposure for engineering classes that underwriters need to consider. Attacks against these systems doubled from 2013 to 2014, according to a threat report from Dell.
The IMIA Working Group reviewed standard questionnaires and clauses for engineering covers and found that the IT component was hardly mentioned. This is an underestimation of the increasing importance of IT in industrial processes and infrastructure. Potential loss scenarios based on the increasing interconnectivity of and remote access to industrial control systems are also under-evaluated.
The Working Group also highlighted the challenges inherent in the pricing of engineering insurance in relation to cyber threats. Mr Schmidl said: “Traditional engineering lines pricing is usually retrospectively derived from loss and exposure data covering areas such as loss frequency, exposure data and the severity and distribution of losses. To create an effective cyber pricing model for engineering lines will required increased focus on collating cyber loss data in all these areas.
“Industry-specific cyber loss scenarios have to be identified and defined. Transparency in respect of cyber losses and the sharing of data after any loss pay outs and forensic investigations should be a goal, particular for those involved in claims. However, this has its challenges with the incomplete nature of contemporary loss data for cyber events, with many cyber events remaining unpublished to protect corporate confidentiality and reputations.”