Cyber Security - New computer viruses infect systems
The U.S. may have developed three more previously unknown computer viruses - at least one of which seems to have infected computers in Iran and Lebanon. The purpose of these newly identified viruses remains unknown. Why should this be of interest to Property Casualty insurers?
With the discovery of Stuxnet - also reportedly created in the U.S. (read my June 26 blog for more on Stuxnet) - computer malware has advanced beyond the simple manipulation, theft and/or destruction of data to being able to cause damage or destruction of physical property.
While data damage is excluded under property policies, actual physical damage to equipment, machinery or the facility may be covered.
This September, a Reuters article discussed cyber attacks used in the geopolitical arena that could be deemed a terrorism event should a government employ a cyber attack against U.S. businesses (as long as any such loss fits the definition of "terrorism"). The Department of Homeland Security has reported that American electric and gas utilities have seen a significant increase in attacks using malware and attempting to disrupt or damage their systems, although, to date, none of these attacks have resulted in "significant damage."
Use of these cyber weapons, however, may not be limited to governments. Hackers, disgruntled former employees and others may be able to avail themselves of these cyber weapons once they are out in the marketplace. Any business that uses computer controllers to operate equipment or machinery may be vulnerable to these types of cyber attacks. Previous articles have already reported that a version of Stuxnet can be downloaded from the Internet.
It could be that these newly discovered viruses are designed to only steal, manipulate and/or destroy data, and are not designed to cause actual physical damage. The potential for property and cyber liability losses, however, only increases as more malicious malware is developed and deployed.