States warned of looming cyber threat to physical assets

Cyber-attacks that could lead to physical damage of critical national infrastructure should now be viewed as a significant emerging risk, according to a leading cyber underwriter.

Speaking at Scor’s Live Session on Emerging Risks this week, Margaret Rose, vice president, head of Americas – Professional Lines & Cyber, SCOR Specialty Insurance, asked when are we going to see cyber-attacks that lead to physical damage?

She pointed out that private companies hold strategic assets that underpin economic activity, but these assets are potentially vulnerable to cyber-attack.

Rose pointed out that the emerging cyber threat is a dynamic one, and should not be underestimated: “We have ransomware today, but we won’t necessarily have ransomware tomorrow. Companies need to invest in cyber security; they need to spend on risk management and cyber defences.”

She added that the market has seen a shift from cyber criminals effectively “big game hunting” to going after smaller companies, but that attacks are still motivated by the desire for financial gain, with extortion at their heart.

The physical consequences of cyber-attacks were made very clear with the recent acknowledgement by Colonial Pipeline’s CEO that his company paid a multi-million ransom to cyber-criminals.

Speaking to the Wall Street Journal, Joseph Blount justified the $4.4 million payment by saying that executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.

The 5,500-mile Colonial Pipeline Co system was closed after one of the most disruptive cyber-attacks on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the US East Coast from the Gulf Coast.

Rose’s comments come in the same week that a hard-hitting report has warned the threat of physical damage from cyber threats is growing in both number of incidents and the scale of the attacks themselves.

The report, Shifting powers: Physical cyber risk in a changing geopolitical landscape, issued by Lloyd’s, looks to shine a light on the risk of cyber-attacks which could inflict significant physical damage on national infrastructure and privately owned assets.

It focuses on the importance of effective risk management and the role of insurers in helping customers build resilience to cyber-attacks. As malicious attacks increase in frequency, cyber represents a key opportunity for insurers to support businesses and societies through the products and services they provide.

The report examines three hypothetical scenarios involving politically motivated cyber-attacks intended to cause damage to physical environments. Both critical national infrastructure and privately-owned assets are highlighted as potential targets of attacks from criminals or state-sponsored actors. 

The report goes on to outline the potential material impacts on businesses if risk managers are not aware of the risks associated with protecting their physical infrastructure from cyber incidents, including fire, explosion, flooding, or bodily injury.

The 5,500-mile Colonial Pipeline Co system was closed after one of the most disruptive cyber-attacks on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the US East Coast from the Gulf Coast.

SHARE: