Infrastructure Cybersecurity
As the world increasingly becomes interconnected through technology and the internet the risks of cybersecurity and cyber terrorism have become increasingly real as well.
Everything from aviation to manufacturing to national infrastructure is in some way connected to the internet. The possibility of a rise in bodily injury and tangible property damage as result of some kind of cyber event or attack is on the minds of world leaders and the insurance industry.
“The world of cyber terrorism or sabotage will increase massively and I think that will raise some questions within the property market as to whether this is an exposure that underwriters should or shouldn’t be insuring,” says Graeme Newman, director at CFC Underwriting.
According to Newman, the industry doesn’t have long to figure it out. “The very real threat of cyber terrorism or cyber warfare is going to present itself within the next five to 10 years. We have already seen early skirmishes.”
The issue is attracting more attention after high-profile cyber events including Stuxnet – a virus that afflicted a uranium enrichment facility in Iran – and Shamoon – a virus linked to cyber assaults on energy firms in Saudi Arabia and Qatar in 2012.
Energy companies have no insurance against major cyber attacks, according to an annual review of the energy sector’s insurance market by Willis, which likened the threat to a “time bomb” that could cost the industry billions of dollars.
Willis highlighted the industry’s vulnerability to cyber threats and called on insurers to find a way to provide cover.
“A major energy catastrophe – on the same scale as … Exxon Valdez or Deepwater Horizon – could be caused by a cyber attack, and, crucially, that cover for such a loss is generally not currently provided by the energy insurance market,” Willis said.
Most insurance products currently available will cover minor things such as data losses or downtime caused by IT issues, but not major events like explosions at multiple facilities triggered remotely by hackers, Willis said.
It said the lack of coverage stems from a clause included in most energy sector insurance agreements over the past 10 years that explicitly excludes loss or damage caused by software, viruses or other malicious computer code.
According to Newman, the U.S. government is petrified about the threat to the national critical infrastructure right now. “People saw what happened to the uranium enrichment facility. The concern is that it could happen to any utility facility in the U.S. – hackers taking control of water treatment facilities, sewage plants, water supplies, that could have a huge impact.”
The need for coverage against attacks on national infrastructures is very real, says Rick Betterley, president of Betterley Risk Consultants Inc. “I hope it will soon be more available and better.”