The Evolution of Industrial Cyber Insurance
When cybersecurity technology works effectively to reduce damage to industrial control systems, the insurance industry can provide coverage against risks not coverable before.
Cyber insurance for industrial sites has been somewhat of a conundrum. It has had a remarkably complicated history considering its relatively short existence. While the insurance industry has long recognized a global interest in cyber insurance (The estimated annual cost to the global economy from cybercrime is $445B), its development has been hindered by a few key factors. For one thing, the data needed to confidently structure and price policies is unclear and complex. Equally challenging are the attack methods and the protective technologies which are constantly evolving and changing.
But perhaps the biggest factor is the general lack of effective protection industrial control networks can use against cyberattacks. The sheer number and sophistication of cyberattacks on these businesses every year is advancing, escalating, and changing dramatically, making risk calculation practically impossible.
That doesn’t mean that insurance companies aren’t trying to find a solution to provide coverage. The evidence shows that cyber insurance is a thriving market, which Lloyd’s of London (Hartwig & Wilkinson, 2015) estimates will grow to $85B worldwide by 2025.
Industrial sites need to be protected and insure their physical assets and systems against remote, online attacks. However, with the constant introduction of new types of cyberattacks, and so many other issues that need to be factored in, it’s difficult to calculate the premium cost for a hacker accessing the network of a control system in a manufacturing plant of pharmaceuticals, or a ship navigation system, or a rails signaling system? What is the damage potential of attacked machinery, or the resulting unknown period of production downtime? These issues will only get worse as the industrial market moves to greater interconnectivity and the harmful potential of these attacks multiplies.
A Cyber Insurance Milestone
Recently, significant progress was made in the world of industrial cyber insurance when the Lloyds of London syndicate announced a unique partnership with industrial cybersecurity company Waterfall Securityto provide comprehensive cyber insurance for businesses that use Waterfall’s unidirectional security gateway products. With insurance cover from a leading Lloyd’s syndicate brokered exclusively via THB, a business is entitled to coverage for:
Cyber loss or damage – covering expenses to restore its network, to restore information stored on its network, or any other data, including physical documents;
Business interruption – coverage for a reduction in business income, expenses in excess of the insured’s normal operating expenses sustained during a restoration period, and forensic investigation costs;
Cyber extortion – extortion money paid to a third party extortionist;
PR expenses - expenses required to respond to adverse or unfavorable publicity or media attention resulting from a loss that is indemnified under the policy;
Cyber occurrence - any loss, event, incident or accident arising out of, directly or indirectly attributable to unauthorized access, virus, denial of service attack or operational error, or a credible threat made by an extortionist, and cyber terrorism is included in the policy as a standard.
This partnership is particularly significant in its recognition of cybersecurity technology that works to reduce the potential damage of cyber attacks, thereby enabling insurers to provide coverage against risks which were not coverable before. This important step in the world of cyber insurance is a positive sign. The advancement of cybersecurity is at the top of our collective agenda, and this deal signals a commitment to and trust in a safer future.
For more information about unidirectional technology click here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024