Insurance Concern with ICS Vulnerabilities

Thursday, June 2, 2016 @ 04:06 PM gHale


As automation, robotics and connected networks become stronger and more relevant with energy, transportation, telecommunication and manufacturing companies, the potential exists for an increase in cyber attacks.

Rather than stealing data, cyber attacks on critical infrastructure and manufacturers are more likely to target industrial control systems (ICS) to manipulate or shut down operations. And insurance companies are taking notice.

RELATED STORIES
Security Alert: Securing Supply Chain
Answers on How to Secure Supply Chain
ICSJWG: ‘Need to Rethink Game Plan’
German Nuke Infected with Malware

Specifically, there is heightened concern pertaining to the vulnerability of ICS, which monitor or control processes in industrial and manufacturing sectors. In 2015, there were 295 recorded ICS cyber incidents in the U.S., an increase of 20 percent. An attack against an ICS could result in physical damage, such as a fire or explosion, as well as business interruption, said Emy Donavan, regional head of cyber at Allianz Global Corporate & Specialty (AGCS). “A number of ICS still used by manufacturing and utilities companies today were designed at a time before cyber security became a priority issue.”

While ICS is a particular issue for the utilities sector, similar cyber-related physical damage and business interruption risks are also a concern for manufacturers. Smart factories of the Industry 4.0 era heavily rely on automation, robots and connected supply chains.

From an insurer’s perspective, this brings new risks as well as opportunities.

“Continuous monitoring and predictive maintenance of automated production lines will reduce small scale frequency losses and increase equipment lifetime,” said Michael Bruch, head of emerging trends, AGCS. “Supply chains will be better monitored, more predictable and visible with improved tracking options and losses reduced from spoilage or expiration.”

However, interconnectivity of supply chains and production processes will increase cyber vulnerability, especially as security flaws built into embedded software code are difficult to detect.

“Overall loss potential is rising significantly, creating high accumulation potential with larger and more complex claims,” Bruch said. Should a robot end up hacked or suffer a technical fault, a production line could halt for hours or days, at a potential cost of tens of millions of dollars per day.

“While there is no such thing as 100 percent security, a comprehensive cyber and IT risk governance strategy involving various corporate functions is necessary to successfully combat cyber risks,” Donavan said.

In the future, digitalization will also shift the nature of corporate assets from mostly physical to increasingly intangible. Brand value and reputation, as well as intellectual property, technological know-how and supply chain networks, will become more important assets.

“Coverage for a company’s factory will increasingly demand cyber, reputational and specific non-physical damage business interruption covers to adequately protect intangible assets,” Bruch said. “Refining existing and developing new risk services beyond the traditional is key for both insurers and businesses to prepare jointly for the next industrial revolution.”

Allianz Global Corporate & Specialty (AGCS) is the Allianz Group’s dedicated carrier for corporate and specialty insurance business. AGCS provides insurance and risk consultancy across the whole spectrum of specialty, alternative risk transfer and corporate business: Marine, Aviation (incl. Space), Energy, Engineering, Entertainment, Financial Lines (incl. D&O), Liability, Mid-Corporate and Property insurance (incl. International Insurance Programs).