With a spate of high profile cases over recent years, organisations are mindful of the potential financial impact a cyber-attack could have on their business. While the financial effects of such incidents make up a large part of the possible damage to an organisation, harm to physical assets can be as much of an issue.
What would physical effects look like?
In order for a cyber-attack to cause physical harm to an organisation, a hacker would have to penetrate and manipulate systems that control equipment in an operation such as a power station or manufacturing plant. Once the hacker has control of such machinery, they can then control this equipment in order to damage something, including that piece of machinery itself.
What is at risk?
A cyber-attack that causes physical damage is comparable to that of a natural disaster. Organisations have to cover not only the costs to replace or repair damaged physical assets, but also any loss in revenue following an incident.
Where a cyber-attack differs from a natural disaster is that they are not specific to a particular location. Entire networks can be affected, meaning these type of cyber-attacks are often dynamic and vast. They will impact not only the owners of the organisation, but also the suppliers, stakeholders, customers and anybody else in the chain.
Who is at risk?
Many experts believe that businesses in the power and energy sector are at particularly high risk, with telecommunications, fuel, mining and manufacturing sectors following closely behind.
Sectors of this nature tend to use industrial control systems (ICSs), which are computer systems that control and monitor physical operations, such as machinery. These systems are not usually designed with security in mind, making them vulnerable.
What are the chances?
Many organisations don’t make these types of attacks public so they do go unreported. However, there have been several high profile examples in recent times to demonstrate how harmful they can be.
During a multi-stage, multi-site attack, hackers targeted 6 organisations in Saudi Arabia in the energy, manufacturing and aviation sectors. The attack was in the form of a virus designed to steal data, with the affected computers being completely wiped, with all data lost forever and damaged to the point where they all had to be replaced.
In another example in the Ukraine, a power grid was attacked, disconnecting 10 substations, leaving around 80,000 people without power for 3 hours. This attack started out as a simple phishing scam, yet caused substantial damage to the economy and disruption to the public.
How can I protect my organisation?
Your insurance policy may offer cover for cyber-attacks, but as this topic is relatively young and is evolving, you may have gaps in your cover. Having protection for cyber-attacks may not automatically cover you for first or third party losses. It is of the upmost importance for businesses to have the correct cover in place to cover these eventualities.
The Trust Insurance Group offer a complimentary insurance review, where we can assess your risks and ensure that you have the correct cover in place for the most damaging of incidents.
Call The Trust Insurance Group today on 01476 430050 to book your complimentary risk review.