The rapid spread of the Internet of Things (IoT) and an increasing number of devices that individuals and businesses use in their everyday lives have opened up the world of cyber risk to “silent” cyber incidents.
“Up till now, the way we think about risks and the way the insurance industry has been going about insuring these risks are all physical. Take our home – we’re worried about hurricanes, earthquakes, fire, wind damage – things like that which are quite physical,” said Prashant Pai, VP of cyber strategy for risk modeling solutions provider AIR Worldwide. “But now, everything is getting more digital and we haven’t really thought about what risks may lie in the digital world.”
The physical and the digital are becoming intertwined because of IoT devices and industrial control systems (ICS) that are connecting many physical assets. “Silent” cyber accounts for risks that can impact insurance coverages and haven’t been seriously considered before, explained Pai. For example, the VP pointed to an experiment at Columbia University where researchers were able to introduce a bug into a printer that would cause it to run incessantly and catch on fire. If this happened in a home or a business, it would be difficult to trace the source of the fire back to a virus that attacked the printer, revealing the difficulties in determining the risk posed by silent cyber threats.
AIR recently announced that it was collaborating with global reinsurance broker Capsicum Re to expand the insurance industry’s understanding of silent cyber threats. With the partnership, the firms will identify the non-cyber lines of business and industries that are more likely to be exposed to losses from such incidents.
“We have put together a list of all these outlandish, but quite possible scenarios and then taken a look at all the personal and commercial coverages that exist out there, and we are figuring out which of them could be impacted by which of these scenarios,” said Pai. “As part of this partnership, we now have access to a lot of data as it relates to different types of lines, both personal and commercial, and also claims coming in on those lines, so we’re able to take a view on which of these could have more exposure to silent cyber and then model it appropriately.”
Automobiles make up one area of potential risk as many have internet connectivity today, while certain industries are also particularly vulnerable to silent cyber.
“So much of manufacturing is now controlled via data and ICS, including not only assembly lines, but even power plants and nuclear plants. We are looking at a lot of these installations and seeing how much connection they have,” Pai told Insurance Business, adding that he recently discovered that his own router at home has 38 devices connected to it.
“Our lives are getting increasingly digital and these are all risks that we haven’t really contemplated.”