Cyber Risk - A property issue, too
There was a time when cyber risk was no more than a nuisance and hackers were more like pranksters. Then organized criminals found that malware and data breaches could be a lucrative career option. Now, in a further evolutionary stage of cyber crime, attacks are being directed at utilities and manufacturers with the intention of causing actual property damage.
According to the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, there were 198 attacks on U.S. facilities with industrial control systems in 2011 – a nearly fivefold increase over 2010.
Stuxnet is the most high profile piece of malware. Originally targeted at Iran’s nuclear facility, it is capable of causing actual physical damage to equipment by gaining control of a plant’s critical systems. Although Microsoft is having some success patching the holes exploited by Stuxnet, the fear is that Stuxnet is now being used as a blueprint for similar malware.
Stuxnet is not the only piece of game changing malware out there in cyber space. There’s Flame, a Stuxnet variant, that works in a similar way, exploiting Windows operating systems.
The Shodan software, developed in 2009, has gathered data on nearly 100 million devices and their software. Its creator, who has distributed the malware, has said that the control systems of utilities and industrial companies that were once hidden are now vulnerable.
Another, the Duqu virus, which steals data from manufacturers of industrial control systems, operated undiscovered for years. It is designed specifically to attack power plants, water treatment facilities and chemical processes.
So there’s clear potential for these cyber weapons to cause first-party property loss. This exposure will continue to present different challenges.
Read our Insurance Issues publication for more.