Canadian Underwriter
News

RMS releases new class of cyber-physical risk modelling for property insurers


April 6, 2017   by Canadian Underwriter


Print this page Share

RMS has expanded its range of cyber models to include a new class of so-called cyber-physical models in a bid to answer the increasing related risk of insurance losses from hackers targeting control systems linked to the Internet.

These cyber-physical models explore a range of cyber-attack scenarios that can cause physical damage to property, notes a statement out of London, U.K. Thursday from the global risk modelling and analytics firm.

Attacks intended to inflict physical damage to property have emerged faster than insurers’ ability to update policies, RMS maintains.

“With multiple lines of business potentially affected, this activity by hackers poses a systemic threat across insurance portfolios,” the company statement adds.

Related: 88% of U.S. state and local government IT professionals concerned about cyberattacks targeting critical city infrastructure: study

Building on its existing suite of cyber models focusing on attacks against information technology (IT) systems, the new capability allows “property (re)insurers to manage this growing risk for the first time,” RMS reports.

The company has analyzed the lines of business thought to be most vulnerable to cyber-physical attacks. The five new risk scenarios – based on detailed technical analysis of vulnerabilities, possible attack vectors and potential insurance payouts – allow insurers to identify silent exposures in the following and other lines:

  • cyber-induced fires in commercial office buildings;
  • triggered fire in industrial processing plants;
  • triggered explosions on oil rigs;
  • cyber-enabled marine cargo theft from a port; and
  • regional power grid outages.

“In the past two years, we have seen attacks that have damaged industrial plants, shut down building control systems and caused power grid failures – all achieved by hackers targeting control systems that are linked to the Internet,” Dr. Andrew Coburn, RMS senior vice president of emerging risks, says in the statement.

Related: Organizations considering standalone cyber coverage should evaluate risk profile to see if traditional policies are adequate: RIMS

Although insurers have begun to understand the risk of cyber attacks on IT systems, “with the rise of the Internet of Things, more devices are connected to computer networks, which opens up new vulnerabilities for hackers to exploit,” Coburn says.

“They can target operational technology and, thus, the essential fabric of any business – even its bricks and mortar,” he cautions.

No longer confined to specialist writers of affirmative cyber insurance, cyber risk “is now a peril that can cause losses in traditional property insurance policies, which are either ambiguous or silent about whether they will pay out for cyber-triggered losses,” the RMS statement adds.