Three utilities companies in the Ukraine, the Israel National Electricity Authority and most recently a German nuclear power plant have suffered cyber attacks in recent months. As energy, transportation, telecommunication and manufacturing companies become more reliant on automation, robotics and connected networks, they are also increasingly vulnerable to cyber attacks.
ICS cyber incidents
Rather than stealing data, cyber attacks on critical infrastructure and manufacturers are more likely to target industrial control systems (ICS) to manipulate or shut down operations, according to Allianz Global Corporate & Specialty (AGCS).
Specifically, there is heightened concern pertaining to the vulnerability of ICS, which are used to monitor or control processes in industrial and manufacturing sectors.
In 2015, there were 295 recorded ICS cyber incidents in the U.S., an increase of 20 percent. A cyber attack against an ICS could result in physical damage, such as a fire or explosion, as well as business interruption (BI), says Emy Donavan, regional head of cyber at AGCS. “A number of ICS still used by manufacturing and utilities companies today were designed at a time before cyber security became a priority issue.”
Smart factory opportunities and risks
While ICS are a particular issue for the utilities sector, similar cyber-related physical damage and BI risks are also a key concern for manufacturers. So-called smart factories of the Industry 4.0 era heavily rely on automation, robots and connected supply chains.
From an insurer’s perspective, this brings new risks as well as opportunities. “Continuous monitoring and predictive maintenance of automated production lines will reduce small scale frequency losses and increase equipment lifetime,” explains Michael Bruch, head of emerging trends, AGCS. “Supply chains will be better monitored, more predictable and visible with improved tracking options and losses reduced from spoilage or expiration.”
However, interconnectivity of supply chains and production processes will increase cyber vulnerability, especially as security flaws built into embedded software code are difficult to detect. “Overall loss potential is rising significantly, creating high accumulation potential with larger and more complex claims,” Bruch explains. Should a robot be hacked or suffer a technical fault, a production line could be interrupted for hours or days, at a potential cost of tens of millions of dollars per day.
“While there is no such thing as 100 percent security, a comprehensive cyber and IT risk governance strategy involving various corporate functions is necessary to successfully combat cyber risks,” adds Donavan.
Refining existing risk services
In the future, digitalization will also shift the nature of corporate assets from mostly physical to increasingly intangible. Brand value and reputation, as well as intellectual property, technological know-how and supply chain networks, will become more important assets.
“Coverage for a company’s factory will increasingly demand cyber, reputational and specific non-physical damage BI covers to adequately protect intangible assets. Refining existing and developing new risk services beyond the traditional is key for both insurers and businesses to prepare jointly for the next industrial revolution,” Bruch concluded.