Potential systemic risks lurking within IIoT

A report published today considers potential real-world scenarios whereby a range of cyber attacks may cause physical damage to industrial organisations.

The report, produced by Lloyd’s, CyberCube and Guy Carpenter, looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.

Increasingly connected ICS have long been a creeping risk for companies in the manufacturing, shipping, energy and transportation sectors, as they build more bridges between physical assets and the internet, and as cyber threats become more sophisticated. While cyber risks have previously been considered unlikely to materially impact the physical market, growing connectivity is changing the risk profile of these assets.

The Emerging Cyber Threat to Industrial Control Systems report details three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems could generate major insured losses, significant property damage and even loss of human life.

Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios, the report focuses on three potential routes of attack by organised hackers:

1. A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution;

2. A targeted attack, in which attackers exploit a vulnerability in widely used IoT devices found in industrial settings;

3. The infiltration of industrial IT networks to cross the OT ‘air-gap’.

In one scenario, once attackers gained access to a target firm’s IT system, they exploit ICS to inflict physical damage on the plant. This could, for example, involve gaining control of water pumps or temperature regulation systems.

Pascal Millaire, CyberCube’s CEO, said the risks are potentially far-reaching. "Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk,” he explained.

"The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy."

    Share Story:

Recent Stories

Are property insurers ready for timber
The Structural Timber Association is gearing up to help all stakeholders in the construction supply chain to fully appreciate the advantages of building in timber, how to deliver such projects and most importantly to understand and manage the risks.

The changing face of BC and WAR
The working environment has changed quite dramatically for many over the last six months. With social distancing and the rise of homeworking, it is not just how businesses operate that has changed, but also how they recover. In this podcast we discuss some of the challenges created by the quick shift to home working, why the office may not have seen its last days and how the current environment can impact the ability of a business to recover.