Lloyd’s, in partnership with cyber analytics specialist CyberCube and reinsurance broker Guy Carpenter, has launched a new report that highlights the increasingly high risk of cyber-attacks to industrial and manufacturing businesses.
The report, entitled ‘The Emerging Cyber Threat to Industrial Control Systems’, considers potential real-world scenarios which visualise a range of cyber-attacks causing physical damage to major industrial and manufacturing organisations.
Cyber-attack risks have previously been considered unlikely to materially impact the physical market or industrial sector, with attacks traditionally resulting in non-physical losses.
However, the report looks at how physical risks have become a “rapidly growing” concern for industrial businesses as shown by recent high-profile breaches. It comes as links between information technology (IT) and operational technology (OT) are on the rise, along with increases in the automation and sophistication of threat actors.
As part of the report, Lloyd’s, CyberCube and Guy Carpenter conducted an analysis detailing three scenarios which represent the most plausible routes by which a cyber-attack against industrial control systems (ICS) could generate major insured losses.
The report considers four key industries dependent upon ICS (Manufacturing, Shipping, Energy, and Transportation) and assesses the precedent and potential impact on each.
It then focuses on three potential routes of attack by organised hackers. This includes a targeted supply-chain malware attack, in which malicious actors breach a device manufacturer and compromise their products before distribution.
It also includes a targeted attack, in which attackers exploit a vulnerability in widely used Internet of Things devices found in industrial settings, as well as the infiltration of industrial IT networks to cross the OT “air-gap”.
Kirsten Mitchell-Wallace, Lloyd’s head of Portfolio Risk Management, said: “The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios.
“We know that the risk of ICS-based cyber-physical events is increasing. Because of this, we’ve partnered with CyberCube and Guy Carpenter to create these illustrative scenario pathways based on highly realistic threats and modes of attack.”
Pascal Millaire, CyberCube’s CEO, said: “Working alongside Lloyd’s and Guy Carpenter to design these scenarios was an important development for the insurance market in this increasingly important new risk.
“The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”