Lloyd’s publishes report on the cyber risk of IoT devices

By William Girling
In collaboration with CyberCube and reinsurer Guy Carpenter, Lloyd’s has summarised the cyber risk inherent to IoT devices within modern industry...

The report, The Emerging Cyber Threat to Industrial Control Systems, is a 34-page document exploring the real-world dangers and damages that cyber attacks on enterprise digital technology could result in.

Cyber risk, Lloyd’s highlights, is a continually moving target and the importance of insurers both understanding it and keeping pace with clients’ evolving exposure profiles is paramount.

The risks of digital transformation

Lloyd’s is particularly cautious of the closer integration of IT and OT (operational technology), which could have dire consequences in the industrial and manufacturing sectors if attacked, particularly as processes are automated.

CyberCube and Guy Carpenter assisted by conducting analyses of attack scenarios from the perspective on four industries: manufacturing, shipping, energy and transportation. Among the trio’s key findings were the following:

  • The overall risk of cyber-physical of ICS (industrial control systems) is increasing 
  • Despite this, the perpetrator/s of such an attack would likely require nation-state-level resources
  • In addition to property damage and potential loss of life, a cyber attack on ICS could also incur significant remediation costs to diagnose the incident and prevent further instances
  • The widespread adoption of cloud technology and “smart manufacturing” techniques will only serve to exaggerate cyber risk going forward

A push to improve insurance coverage

The report’s findings give a clear insight both into the dangers of digital technology and the avenues that insurers can explore to protect them.

“The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios,” said Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management.

Pascal Millaire, CyberCube’s CEO, added, “The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”

Finally, Jamie Pocock, Head of GC Cyber Analytics – International at Guy Carpenter, stated, “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life. 

“The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”


Featured Articles

Insurtech unicorn bolttech takes on extra $50m in funding

Insurtech unicorn bolttech has taken on an extra US$50m in funding from Leapfrog Investments as part of the insurtech's Series B extension

Allianz wants to 'lead by example' with new net-zero targets

Allianz has said it wants to "lead by example" after announcing ambitious new targets to make its investment and underwriting portfolios net zero

Insurtech pricing solution Akur8 seals $25m in fresh funding

Akur8, whose insurtech solution is used by actuaries to build pricing models across all insurance lines, has received backing from Guidewire and FinTLV

Beazley launches tornado parametric insurance using NWS data


Alex Dalyac: Founding AI-based insurtech Tractable

Technology & AI

Saudi Arabia: 'solid' framework to guide insurtech sector