View this article online: https://www.insurancejournal.com/news/international/2017/04/06/447172.htm

RMS Expands Range of ‘Cyber-Physical’ Models for Property Insurers

RMS, the Newark, Calif.-based risk modeling and analytics firm, announced the expansion of its range of cyber models to include a new class of “cyber-physical” models.

These include a range of cyber attack scenarios that can cause physical damage to property, allowing property re/insurers to manage this growing risk, said RMS, noting that this new capability builds upon the existing suite of RMS cyber models that focus on attacks against information technology systems.

Cyber attacks that are intended to inflict physical damage to property have emerged faster than insurers’ ability to update policies, said RMS in a statement. With multiple lines of business potentially affected, this activity by hackers poses a systemic threat across insurance portfolios, it continued.

“In the past two years, we have seen attacks that have damaged industrial plants, shut down building control systems, and caused power grid failures – all achieved by hackers targeting control systems that are linked to the internet,” said Dr. Andrew Coburn, RMS senior vice president, emerging risks.

“Insurers have begun to understand the risk of cyber-attacks on information technology (IT) systems, for example financial theft, data extraction and cyber-extortion,” he added. “But with the rise of the Internet of Things, more devices are connected to computer networks which opens up new vulnerabilities for hackers to exploit. They can target operational technology, and thus the essential fabric of any business – even its bricks and mortar.”

To allow insurers to identify silent exposures, RMS has analyzed the lines of business thought to be most vulnerable to cyber-physical attacks, such as commercial property, marine, energy, industrial and facultative facilities. The five new risk scenarios in the RMS^® Cyber Accumulation Management System allow insurers to identify silent exposures in these and other lines.

The five scenarios are based on detailed technical analysis of vulnerabilities, possible attack vectors, and potential insurance payouts:

• Cyber-induced fires in commercial office buildings – hackers can gain access to internet-connected office equipment, such as laptops, manipulating them to overheat and start fires. If the offices are unmanned this could lead to destruction of entire premises, as well as the facilities and systems they house.
• Triggered fire in industrial processing plants – heat-sensitive devices, such as thermostats, can be sabotaged to ignite flammable products in storage.
• Triggered explosions on oil rigs – a network operations center controlling an entire field of oil rigs could be targeted to cause structural misalignment of well heads, leading to the explosion of multiple oil rigs.
• Cyber-enabled marine cargo theft from a port – port managements systems are highly computerized and so valuable cargo can be stolen as a result of cyber attacks, for example through the use of malware to disrupt operating systems or to access sensitive cargo data.
• Regional power grid outages – the control systems of power-generating companies could be attacked, allowing criminals to damage generators. This could cause a cascading regional power outage with huge losses to insured customers, as well as the power supplier.

Additional information on RMS Cyber Accumulation Management System is available via RMS’ website.

Source: RMS