Cyberattacks against critical infrastructure, manufacturers likely to target industrial control systems to manipulate operations: AGCS

Rather than stealing data, cyberattacks against critical infrastructure and manufacturers are more likely to target industrial control systems (ICS) to manipulate or shut down operations, Allianz Global Corporate & Specialty (AGCS) said on Wednesday.

As energy, transportation or telecommunication companies, but also the manufacturing sector, become more reliant on automation, robot technologies and digital networks of connected devices, they are also increasingly vulnerable to cyberattacks, AGCS said in a press release.

There is growing concern about the vulnerability of ICS, which are used to monitor or control processes in industrial and manufacturing sectors. For example, there were 295 recorded ICS cyber incidents in the United States last year, up 20%, according to AGCS. A cyberattack against an ICS could result in physical damage, such as a fire or explosion, as well as business interruption (BI), Emy Donavan, regional head of cyber at AGCS, said in the release.

“A number of ICS still used by manufacturing and utilities companies today were designed at a time before cybersecurity became a priority issue,” Donavan noted. AGCS added that ICS are also vulnerable to both technical failure and operator error, which can be much more frequent and severe in terms of impact and are often not captured in cyber reports.

While ICS are a particular issue for the utilities sector, similar cyber-related physical damage and BI risks exist in manufacturing. So-called “smart factories of the Industry 4.0 era” heavily rely on automation, robots and connected supply chains, AGCS said, suggesting that from an insurer’s perspective, this brings new risks as well as opportunities. “Continuous monitoring and predictive maintenance of automated production lines will reduce small scale frequency losses and increase equipment lifetime,” said Michael Bruch, head of emerging trends with AGCS. “Supply chains will be better monitored, more predictable and visible with improved tracking options and losses reduced from spoilage or expiration.”

However, interconnectivity of supply chains and production processes will increase cyber vulnerability, especially as security flaws built into embedded software code are difficult to detect. “Overall loss potential is rising significantly, creating high accumulation potential with larger and more complex claims,” Bruch explained. Should a robot be hacked or suffer a technical fault, a production line could be interrupted for hours or days, at a potential cost of tens of millions of dollars per day.

“While there is no such thing as 100% security, a comprehensive cyber and IT risk governance strategy involving various corporate functions is necessary to successfully combat cyber risks,” Donavan said.

In the future, digitalization will also shift the nature of corporate assets from mostly physical to increasingly intangible, AGCS said. Brand value and reputation, as well as intellectual property, technological know-how and supply chain networks, will become more important assets. “Coverage for a company’s factory will increasingly demand cyber, reputational and specific non-physical damage BI covers to adequately protect intangible assets,” Bruch said. “Refining existing and developing new risk services beyond the traditional is key for both insurers and businesses to prepare jointly for the next industrial revolution.”