Physical Damage From Cyber Attack – A Growing Risk

April 2, 2019 | Business Insurance and Risk Management, The Beacon Blog

As far back as 2002 there have been warnings of a “Cyber Pearl Harbor” – a government or government-sponsored cyber attack on the United States with physical damage consequences. Although nothing on that scale has happened, in a post on forbes.com Taylor Armerding warns that physical damage from smaller but still lethal attacks is a growing threat.

As Armerding writes in his post (https://www.forbes.com/sites/taylorarmerding/2019/02/27/the-cyberphysical-convergence-is-accelerating-so-are-the-risks/#2b0411b779a0), the Internet of Things has become more like the “Internet of Everything”. In its 2018 Data Breach Investigations Report, Verizon found that more than one of every ten data breaches in 2017 had a physical component. It’s not much of an exaggeration to say that “everything is a computer”.

Some of the possibilities Armerding cites:

  1. Pen Test Partners documented how a hacker could capsize a cargo ship.
  2. Forbes reported that hackers in Italy used a laptop to transmit code and take control of construction cranes and other large machinery.
  3. An electric scooter manufactured in China did not have a properly validated password; a remote attacker could send commands to interfere with the vehicle.

Elsewhere, it has been reported that sensitive medical devices are vulnerable to hacking, with possible life-threatening consequences.

Experts agree that security must be built into the software that operates connected devices. Defense systems must address artificial intelligence, smart technologies and universal networking. So far, developments in cyber security have not kept pace with the speed of IoT convergence.

Government cybersecurity mandates have focused on privacy and protection of personally identifiable information. California has recently required IoT manufacturers to utilize “reasonable” security measures, which likely will lead to disputes over what is reasonable. Most likely, it will take a major lawsuit alleging physical damage due to inadequate security to improve practices. Hopefully the triggering incident will not cause any fatalities.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.