These explore a range of cyber attack scenarios that can cause physical damage to property, allowing property (re)insurers to manage this growing risk for the first time. This new capability builds upon the existing suite of RMS cyber models which focus on attacks against I.T. (information technology) systems.
Cyber attacks that are intended to inflict physical damage to property have emerged faster than insurers' ability to update policies, and with multiple lines of business potentially affected this activity by hackers poses a systemic threat across insurance portfolios. Cyber risk is no longer confined to specialist writers of affirmative cyber insurance. It is now a peril that can cause losses in traditional property insurance policies which are either ambiguous or silent about whether they will pay out for cyber-triggered losses.
"In the past two years, we have seen attacks that have damaged industrial plants, shut down building control systems, and caused power grid failures - all achieved by hackers targeting control systems that are linked to the internet," said Dr. Andrew COBURN, RMS senior vice president, emerging risks. "Insurers have begun to understand the risk of cyber-attacks on information technology (I.T.) systems, for example financial theft, data extraction and cyber-extortion. But with the rise of the Internet of Things, more devices are connected to computer networks which opens up new vulnerabilities for hackers to exploit. They can target operational technology, and thus the essential fabric of any business - even its bricks and mortar."
To allow insurers to identify silent exposures RMS has analysed the lines of business thought to be most vulnerable to cyber-physical attacks, such as commercial property, marine, energy, industrial and facultative facilities. The five new risk scenarios in the RMS® Cyber Accumulation Management System allow insurers to identify silent exposures in these and other lines. The scenarios are based on detailed technical analysis of vulnerabilities, possible attack vectors, and potential insurance payouts:
- Cyber-induced fires in commercial office buildings - hackers can gain access to internet-connected office equipment, such as laptops, manipulating them to overheat and start fires. If the offices are unmanned this could lead to destruction of entire premises, as well as the facilities and systems they house.
- Triggered fire in industrial processing plants - heat-sensitive devices, such as thermostats, can be sabotaged to ignite flammable products in storage.
- Triggered explosions on oil rigs - a network operations centre controlling an entire field of oil rigs could be targeted to cause structural misalignment of well heads, leading to the explosion of multiple oil rigs.
- Cyber-enabled marine cargo theft from a port - port managements systems are highly computerized and so valuable cargo can be stolen as a result of cyber attacks, for example through the use of malware to disrupt operating systems or to access sensitive cargo data.
- Regional power grid outages - the control systems of power-generating companies could be attacked, allowing criminals to damage generators. This could cause a cascading regional power outage with huge losses to insured customers, as well as the power supplier.
Additional information on RMS Cyber Accumulation Management System is available here.
RMS solutions help insurers, financial markets, corporations, and public agencies evaluate and manage catastrophe risks throughout the world. We lead an industry that we helped to pioneer—catastrophe risk modeling—and are delivering models, data, and risk management solutions on the RMS(one)® platform to transform the world's understanding and quantification of risk through open, real-time exposure and risk management.
More than 400 insurers, reinsurers, trading companies, and other financial institutions trust RMS solutions to better understand and manage the risks of natural and human-made catastrophes, including hurricanes, earthquakes, floods, terrorism, and pandemics.