Potential systemic risks lurking within IIoT

A report published today considers potential real-world scenarios whereby a range of cyber attacks may cause physical damage to industrial organisations.

The report, produced by Lloyd’s, CyberCube and Guy Carpenter, looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.

Increasingly connected ICS have long been a creeping risk for companies in the manufacturing, shipping, energy and transportation sectors, as they build more bridges between physical assets and the internet, and as cyber threats become more sophisticated. While cyber risks have previously been considered unlikely to materially impact the physical market, growing connectivity is changing the risk profile of these assets.

The Emerging Cyber Threat to Industrial Control Systems report details three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems could generate major insured losses, significant property damage and even loss of human life.

Designed to aid individual syndicates’ understanding of the impact of emerging cyber risks on their portfolios, the report focuses on three potential routes of attack by organised hackers:

1. A targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise that manufacturer’s products before distribution;

2. A targeted attack, in which attackers exploit a vulnerability in widely used IoT devices found in industrial settings;

3. The infiltration of industrial IT networks to cross the OT ‘air-gap’.

In one scenario, once attackers gained access to a target firm’s IT system, they exploit ICS to inflict physical damage on the plant. This could, for example, involve gaining control of water pumps or temperature regulation systems.

Pascal Millaire, CyberCube’s CEO, said the risks are potentially far-reaching. "Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk,” he explained.

"The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy."

    Share Story:

Recent Stories

Cyber physical risks
Property damage as a consequence of cyber attack is often excluded from standard property policies, but as the industrial internet of things expands, so too do the risks. This podcast examines the evolving threat landscape. Published October 2021

Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks. Published June 2021