Potential systemic risks lurking within IIoT

A report published today considers potential real-world scenarios whereby a range of cyber attacks may cause physical damage to industrial organisations.

The report, produced by Lloyd’s, CyberCube and Guy Carpenter, looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.

Increasingly connected industrial control systems (ICS) have long been a creeping risk for companies in the manufacturing, shipping, energy and transportation sectors, as they build more bridges between physical assets and the internet, and as cyber threats become more sophisticated. While cyber risks have previously been considered unlikely to materially impact the physical market, growing connectivity is changing the risk profile of these assets.

The Emerging Cyber Threat to Industrial Control Systems report details three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems could generate major insured losses, significant property damage and even loss of human life.

Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios, the report focuses on three potential routes of attack by organised hackers:

1. A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution;

2. A targeted attack, in which attackers exploit a vulnerability in widely used IoT devices found in industrial settings;

3. The infiltration of industrial IT networks to cross the OT ‘air-gap’.

In one scenario, once attackers have gained access to a target firm’s IT system, they exploit ICS to inflict physical damage on the plant. This could, for example, involve gaining control of water pumps or temperature regulation systems.

Pascal Millaire, CyberCube’s CEO, said the risks are potentially far-reaching. "Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk," he explained.

"The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy."
