Insurance Journal reports that some insurers are beefing up their Cyber Liability Insurance in order to offer coverage for physical damage and injuries caused by cyber attacks.
The news is important because it means that some of your clients – those who work in industries with machinery that is timed and run by network-connected computers – can now have protection in case a worm or malware leads to a damaging malfunction.
A Case Study: How a Worm Attacked a Nuclear Facility
You might be wondering how a cyber attack can cause physical destruction. This isn't the Matrix and machines aren't that powerful yet, right? To understand the physical risk associated with cyber attacks, let's look at an example from the news.
In 2010, the Stuxnet worm attacked nuclear centrifuges in Iran. According to Symantec's analysis, the worm was able to cause physical damage to the expensive machinery. The worm changed the speed at which the centrifuges rotated, which sabotaged the mechanism.
At a conference, Symantec went so far as to demonstrate how this same methodology could be used to damage oil refineries and waste management plants.
While the Stuxnet case is likely evidence that a government intelligence agency attacked the Iranian facility (and you probably won't have to fend off those kinds of attacks), the case serves as an important reminder. As high tech becomes intertwined with physical machinery, there will be more liabilities. Whether you're talking about the Internet of Things or robotic manufacturing, cyber liabilities are beginning to intertwine with the physical.
4 Takeaways about New, Stronger Cyber Liability Insurance
When you read about cyber attacks every day, it's easy to become either paranoid or jaded. You might begin to see risks everywhere. Or you might throw your hands up and resign yourself to the idea that if someone wants to hack your client, they'll find a way in.
Because of this, it's important to stay grounded and focused on how these news stories apply to small businesses and IT contractors. Take a look:
- Cyber attacks can lead to all sorts of damage. In addition to causing physical damage, they can cause businesses to lose revenue, lose clients, miss deadlines, and suffer other expensive consequences.
- Insurers are starting to offer "beefier" coverage. If you have clients whose facilities and equipment could be physically damaged by cyber attacks, you can encourage them to purchase one of these stronger Cyber Liability Insurance policies.
- These new policies are in response to the cyber attack framework that the National Institute of Standards and Technology (NIST) and President Obama outlined over the summer. We're likely to see more policies like this and more discussion about these kinds of risks. As you’ll recall from our article, "Why IT Contractors Shouldn't Hold Their Breath for Universal Data Breach Legislation,” The NIST framework isn't a law. Rather it's a series of recommendations for businesses looking to ramp up their cyber security – especially businesses that work in key infrastructure industries such as energy, medicine, and waste management.
- Most cyber threats won't damage physical facilities, but some industries do face that risk. It's a risk that we're not used to thinking about: malware causing machines to malfunction. Nonetheless, it's a real threat for some businesses and one you'll need to consider when working with certain clients.
The basic rule of cyber risk is this: a client's risks can become your liabilities. When your client is affected by a cyber attack, you can be sued for the damages they suffer. A client's Cyber Liability Insurance can pay for the losses that result from an attack, but you'll also need to protect your own liabilities.
Errors and Omissions Insurance (also called Professional Liability Insurance) covers client data breach lawsuits and many other IT lawsuits. To learn more about what this policy covers and how much it costs, see our sample E&O Insurance quotes for IT contractors.