Lloyd’s publishes report on the cyber risk of IoT devices
Cyber risk, Lloyd’s highlights, is a continually moving target and the importance of insurers both understanding it and keeping pace with clients’ evolving exposure profiles is paramount.
The risks of digital transformation
Lloyd’s is particularly cautious of the closer integration of IT and OT (operational technology), which could have dire consequences in the industrial and manufacturing sectors if attacked, particularly as processes are automated.
- The overall risk of cyber-physical of ICS (industrial control systems) is increasing
- Despite this, the perpetrator/s of such an attack would likely require nation-state-level resources
- In addition to property damage and potential loss of life, a cyber attack on ICS could also incur significant remediation costs to diagnose the incident and prevent further instances
- The widespread adoption of cloud technology and “smart manufacturing” techniques will only serve to exaggerate cyber risk going forward
A push to improve insurance coverage
The report’s findings give a clear insight both into the dangers of digital technology and the avenues that insurers can explore to protect them.
“The Lloyd’s market is advanced when it comes to insuring cyber risks and it is therefore vital Lloyd’s syndicates underwriting this class of business have the ability to analyse their portfolios against the most sophisticated and technologically advanced risk scenarios,” said Kirsten Mitchell-Wallace, Lloyd’s Head of Portfolio Risk Management.
Pascal Millaire, CyberCube’s CEO, added, “The potential for a major ICS attack is all too real today given several real-world examples of such attacks. As we roll out hundreds of billions of additional IoT devices, it will become even more important in the future and could eventually become a systemic risk for the global economy.”
Finally, Jamie Pocock, Head of GC Cyber Analytics – International at Guy Carpenter, stated, “A major ICS attack could impact a broad range of industrial businesses and classes of insurance. As these attacks cross the divide between information technology and operational technology, they could conceivably involve significant property damage and loss of human life.
“The key is continued research, surveillance, and risk selection to help improve underwriting standards and portfolio management.”