Lloyd’s publishes report on the cyber risk of IoT devices

The report, The Emerging Cyber Threat to Industrial Control Systems, is a 34-page document exploring the real-world dangers and damages that cyber attacks on enterprise digital technology could result in.

Cyber risk, Lloyd’s highlights, is a continually moving target and the importance of insurers both understanding it and keeping pace with clients’ evolving exposure profiles is paramount.

The risks of digital transformation

Lloyd’s is particularly cautious of the closer integration of IT and OT (operational technology), which could have dire consequences in the industrial and manufacturing sectors if attacked, particularly as processes are automated.

CyberCube and Guy Carpenter assisted by conducting analyses of attack scenarios from the perspective on four industries: manufacturing, shipping, energy and transportation. Among the trio’s key findings were the following:

• The overall risk of cyber-physical of ICS (industrial control systems) is increasing 
• Despite this, the perpetrator/s of such an attack would likely require nation-state-level resources
• In addition to property damage and potential loss of life, a cyber attack on ICS could also incur significant remediation costs to diagnose the incident and prevent further instances
• The widespread adoption of cloud technology and “smart manufacturing” techniques will only serve to exaggerate cyber risk going forward

A push to improve insurance coverage

The report’s findings give a clear insight both into the dangers of digital technology and the avenues that insurers can explore to protect them.

“The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios,” said Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management.

Pascal Millaire, CyberCube’s CEO, added, “The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”

Finally, Jamie Pocock, Head of GC Cyber Analytics – International at Guy Carpenter, stated, “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life. 

“The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”