Cyber risk - issues involving physical damage

News /

The idea that cyber risks are new is wearing thin, leaving behind the harsh reality that exposures to cyber risk are serious, are here to stay and seem only to be getting worse. Both the severity and frequency of cyber events are increasing, be it a hacking attack, extortion or human error.

Whilst many of the biggest and most costly cyber events have involved data breaches, DDOS attacks and theft of industrial secrets, we have now entered an era where thought must be given to the risk of cyber events causing real damage to physical things or even bodily harm to people. Critical infrastructure and utilities are ever more reliant on complex computer systems.

Although the frequency of such events is considerably lower than the frequency of data leaks caused by malicious attacks, any event that is able to cause physical damage could have far reaching consequences.

It is not surprising, then, that in recent months there has been more emphasis on monitoring such risks, particularly in the insurance industry, which will inevitably end up facing claims from an ‘physical cyber event’.

Extent of losses

The types of loss that might arise from a physical cyber event are varied. Losses to physical property may not be restricted to the thing that is hacked but could quite easily be more widespread, for example, damaging other items of property, which may or may not belong to the insured itself, thereby giving rise to additional third party liabilities. A basic example of how this might arise is a cooling system for a server room being hacked, causing the computer equipment to overheat

and malfunction. The extreme heat then causes a small fire to break out, which spreads and damages the building and potentially adjacent properties or different floors within a larger block. This may seem exceptional but there are occasions of physical damage having been caused by hacking attacks, both intentionally and unintentionally. Moreover, with the constant developments in technology that are being achieved, more exposures and areas of risk can arise. One such example is the development of self-driving cars.

Sector focus and examples

Some sectors are more at risk than others. The energy sector has long been identified as a high-level target for both hack attacks and for other system exposures, including those which are not the result of malicious attacks. Similarly, the aviation, shipping, manufacturing and automotive industries are at particular risk, as well as any large scale national infrastructure such as utilities. These areas all have in common a great reliance on computer systems to manage and control physical processes and operations. Whilst a cyber event involving physical damage may be considered low frequency at this point, for these areas in particular any loss is likely to be high value and quite possibly a significant market event for the affected insurers.

Insurers’ protection

It is important that all insurers are fully aware of the full scope of cover offered by their products. It is advisable to undertake reviews of non-cyber specialist insurance policies to ensure that they mitigate the risk of unintentionally covering a cyber event. Whilst this may be achieved by narrowing definitions or including market-standard exclusions in wordings, insurers might also consider more broader exclusions for all cyber-related risks, however arising.

Underwriters might also consider including sub-limits where an element of cyber risk is intended to be assumed, to limit their exposure. It may also be appropriate to engage cyber specialists to aid in risk reviews.

In any event, the exposure of insurers and their insureds to cyber-related losses is prominent and is increasing. As the nature of cyber risk changes, so must insurers to ensure that they do not assume unwanted and unmeasured risks.

Simon Cooper

Simon Cooper Consultant

Related sectors:

Related news & insights

News / Ince celebrates one year since Scotland office opening

23-11-2022 / Insurance, Maritime, Real Estate

We are pleased to be celebrating one year since opening our first Scottish office in the city of Glasgow.  Stefanie Johnston, dual-qualified Partner and Head of Scotland, has worked tirelessly over the last year to develop our offering through the opening of an Ince office in what is arguably an established Scottish market. Starting from the ground up, Stefanie and her team have successfully gained an admirable reputation in the region and further afield in the maritime, insurance, real estate and regulatory sectors. 

Ince celebrates one year since Scotland office opening

News / Anti-suit injunction to restrain breach of London arbitration agreement in insurance policy

09-11-2022 / Insurance

QBE Europe SA/NV and another v. Generali Espana de Seguros y Reaseguros [2022] EWHC 2062 (Comm) In this case, a Spanish insurer sought to assert a direct right of action against a UK insurer in Spanish proceedings. The English Court found that the Spanish proceedings had been brought in contravention of a London arbitration agreement in the relevant liability insurance policy and granted an anti-suit injunction to restrain those proceedings.

Anti-suit injunction to restrain breach of London arbitration agreement in insurance policy

Insights / Countdown to COP27: recent developments

04-11-2022 / Energy & Infrastructure, Insurance

As we get ready for COP27, we've prepared a summary some of the key developments relating to climate and environmental policies over the last few weeks.

Countdown to COP27: recent developments

News / Dan Crockford appointed as Head of Office for Ince (Bristol)

23-06-2022 / Insurance

We are delighted to announce that Dan Crockford has recently been appointed as Head of Office for Ince (Bristol).

Dan Crockford appointed as Head of Office for Ince (Bristol)

News / Court construes scope of indemnity under Mortgagees’ Interest Insurance Policy

06-06-2022 / Insurance, Maritime

Piraeus Bank A.E. v Antares Underwriting Limited and others (The ZouZou) [2022] EWHC 1169 (Comm)

Court construes scope of indemnity under Mortgagees’ Interest Insurance Policy

News / The Insurance and Reinsurance Law Review Tenth Edition

19-05-2022 / Insurance

We are delighted to share with you the tenth edition of The Insurance and Reinsurance Law Review edited by Simon Cooper. As with previous years, Ince was a member of The Law Reviews (TLR) leading panel of contributors. 

The Insurance and Reinsurance Law Review Tenth Edition