National infrastructure and privately owned assets are at risk of from significant physical damage resulting from cyberattacks, says a new report from Lloyd’s.
As a result, Lloyd’s says that as malicious attacks increase in frequency, cyber represents a key opportunity for insurers to support businesses and societies through the products and services they provide. The report, Shifting Powers: Physical Cyber Risk in a Changing Geopolitical Landscape, examines three hypothetical scenarios involving politically motivated cyber-attacks intended to cause damage to physical environments.
Patrick Tiernan, chief of markets at Lloyd’s, said: “The Lloyd’s market has a proud history of innovation, including underwriting the first cyber policy. Our market now writes around one fifth of all global cyber premium. With that position comes a responsibility to look beyond the immediate market dynamics and provide effective leadership as the market matures.
He added: “We understand the complex and potentially systemic risks in the cyber class and are committed to supporting a resilient and sustainable cyber market in the years ahead. This report is another step in working with our stakeholders to facilitate the solutions that can help protect customers from a risk that has reached the highest level of priority in boardrooms around the world.”
The report looked at what it called an asymmetric attack exchange, which it defined as a ‘rudimentary cyber power sponsors non-state ransomware attacks by cybercriminals targeting another nation’s critical infrastructure’; an offensive cyber retaliation, when ‘regional tensions over nuclear development programmes spill over into cyber-physical sabotage of critical infrastructure’; and symmetric attack exchange, when two sophisticated cyber powers engage in an escalation of destructive cyber attacks on critical infrastructure.
Concluding, Lloyd’s said that the insurance industry has yet to encounter a ‘truly catastrophic’ cyber-attack.
It wrote: “Cyber has a short history, and so far there have been no stand-out loss events stemming from a single trigger. The threat is also fast-evolving, which means that historic trends are sometimes not always useful for predicting the pattern of future shocks.”
It added: “With all that said, all parties really do need to plan for the realities of a cyber catastrophe before any real world examples occur. This is not just because of the impact on human lives, but also to ensure capital is in place to manage and fund the rebuilding of the infrastructure, companies and national organisations that could be damaged.”