The Elephant in the Room – Catastrophic Property Damage from a Cyber Attack

Much of what we discuss in this blog relates to the loss of information and the legal and regulatory framework that exists to address individual privacy concerns following a data breach.  However, as our colleague Dick Bennett points out in a recent post on the Property Insurance Law Observer, an even greater — and potentially catastrophic — risk that looms large is the potential for a cyber attack aimed at bringing about physical harm.  An attack on an energy grid or the virtual hijacking of a driverless car are just two examples; the growth of the “internet of things” will bring countless more.  Speaking of the energy grid scenario, in a report published this past summer, Lloyd’s estimated that a full-scale attack could result in damages in excess of $1 trillion.

In his article, Dick writes:

“The ultimate risk is enormous.  Computerized industrial control systems run the world’s financial institutions, its manufacturing and chemical facilities, its transportation systems, and its energy infrastructure, including the electrical grid and power and water treatment plants.  These control systems are composed of devices such programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) equipment that were originally designed to be open systems, which is to say systems focused on interoperability and ease of communication and repair.  Security was a secondary consideration at best.  If hijacked by a piece of malware, such systems could cause property damage and business interruption loss on a literally catastrophic scale.”  To continue reading Dick’s article, click here.