Growing physical effect of cyber-attack must be addressed – Lloyd’s

A hard-hitting report has warned the threat of physical damage from cyber threats is growing in both number of incidents and the scale of the attacks themselves.

The report, Shifting powers: Physical cyber risk in a changing geopolitical landscape, , issued by Lloyd’s, looks to shine a light on the risk of cyber-attacks which could inflict significant physical damage on national infrastructure and privately owned assets.

It focuses on the importance of effective risk management and the role of insurers in helping customers build resilience to cyber-attacks. As malicious attacks increase in frequency, cyber represents a key opportunity for insurers to support businesses and societies through the products and services they provide.

The report examines three hypothetical scenarios involving politically motivated cyber-attacks intended to cause damage to physical environments. Both critical national infrastructure and privately owned assets are highlighted as potential targets of attacks from criminals or state-sponsored actors. The report goes on to outline the potential material impacts on businesses if risk managers are not aware of the risks associated with protecting their physical infrastructure from cyber incidents, including fire, explosion, flooding, or bodily injury.

“For the most part, cyber-attacks target the availability, confidentiality or integrity of data – rather than causing operational, environmental or material damage,” the report warned. “In some cases, however, the disruption that follows cyber-attacks can have a destructive impact on the physical world.

“This is a growing threat, with attacks targeting critical infrastructure rising from less than 10 in 2013 to almost 400 in 2020. As well as the increase in frequency, the complexity of attacks are evolving, from simply targeting short-term disruption to compromising assets or processes with the intent to cause physical harm or loss of life.

“In this context: an effective cybersecurity strategy is paramount. With a risk as complex as cyber – encompassing a huge range of possibilities and uncertainties – one useful tool for risk managers can be scenario planning.”

Lloyd’s said whilst most cyber-attacks are digital, physical cyber-attacks – defined as virtual attacks which trigger physical disruption – are becoming increasingly commonplace. The rise of state-sponsored cyber-attacks is a significant focus for businesses and governments, driven by an evolving geopolitical landscape in the wake of Russia’s invasion of Ukraine. The origin of cyber-attacks are difficult to trace, which means that nation-states can remain anonymous, adding to the complexities for customers and insurers.

The report is the third in Lloyd’s ‘Shifting powers’ series of reports produced in partnership with the Cambridge Centre for Risk Studies.

It added it will continue to work with customers and risk managers to “educate them on the complexities of cyber risk and further innovate to create new solutions”.

The report concludes that, although the existing market for cyber physical cover is small and specialised, there are opportunities for the insurance industry to develop ‘affirmative physical damage offerings’ and ‘business interruption and contingent business interruption products’.

“This report provides a qualitative assessment of the risks to businesses and national economies from ‘cyber physical’ – virtual attacks triggering material impacts – and highlights the role insurance can play in building resilience against these threats,” It added. “It highlights how cyber physical represents an under-utilised opportunity for insurers to extend the protection they offer businesses, and thus society, through the products and services they provide. This opportunity is not without its challenges, and more research is needed to understand potential losses and likelihoods; but what the scenarios make clear is that those with effective cyber strategies and scenarios in place will be best equipped to face the unique challenges of this emerging and potentially debilitating risk.”

Patrick Tiernan, Chief of Markets at Lloyd’s, said: “The Lloyd’s market has a proud history of innovation, including underwriting the first cyber policy. Our market now writes around one fifth of all global cyber premium. With that position comes a responsibility to look beyond the immediate market dynamics and provide effective leadership as the market matures.

“We understand the complex and potentially systemic risks in the cyber class and are committed to supporting a resilient and sustainable cyber market in the years ahead. This report is another step in working with our stakeholders to facilitate the solutions that can help protect customers from a risk that has reached the highest level of priority in boardrooms around the world.”

Lloyd’s said whilst most cyber-attacks are digital, physical cyber-attacks – defined as virtual attacks which trigger physical disruption – are becoming increasingly commonplace. The rise of state-sponsored cyber-attacks is a significant focus for businesses and governments, driven by an evolving geopolitical landscape in the wake of Russia’s invasion of Ukraine.

SHARE: