色多多视频

 
色多多视频
色多多视频
Product Family
Product Family
Industries
Industries
Reinsurance
Reinsurance
Explore our offerings
Explore our offerings
Claims
Claims
Risk Consulting
Risk Consulting
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Careers
Careers
Get In Touch
Get In Touch

By

Global Chief Underwriting Officer, Financial Lines

Ransomware attacks are doing more than threatening to expose proprietary information; they’re shutting down operations.

In June 2020, one of the world’s largest auto manufacturers was forced to shut down production for a day. The problem: hackers had planted a computer virus in the automaker’s internal computer networks, which shut down systems and locked employees out of email and servers.

However, the hackers went further; the ransomware infiltrated systems along the production line, . Production in plants in Japan, Turkey, Brazil, India, and the US were disrupted, some for . By crippling production, the hackers hoped to force ransom payment.

The tool hackers appear to have used is a software designed to infiltrate control systems in factories, power plants, and other industrial facilities. Such software is not designed to steal data, but rather to infect operational systems, rendering them useless and bringing business to a halt.

To date, much of the focus of cybercrime prevention by companies has been on protecting internal data – trade secrets, employee personal information, payroll, health insurance, internal records. However, manufacturers have operational technology systems (OT). These systems control production equipment, detect changes, monitor operations, and keep production lines running smoothly.

That is, until a breach occurs. Unfortunately, attacks on OT infrastructure are on the rise. One study reveals that 90% of industries across the globe had suffered at least one damaging cyberattack between 2017 and 2019, and .

These OT attacks are hitting organizations by disrupting:

  • Remote monitoring
  • Equipment sensors
  • Fire safety equipment
  • Scientific equipment
  • Lighting controls and energy monitoring
  • Security systems
  • Transportation systems

Until 2010, attacks like these on the OT infrastructure was the stuff of espionage and government-backed attacks.

Today cyberweapons have become tools for cyber thieves. Because of the ability for widespread shutdown of operations from an OT attack, hackers are seeing the potential for high ransom amounts. The hackers too have evolved. No longer lone actors, sophisticated hacking groups are targeting big business, attacks that can be launched from anywhere in the world.

The threat for industries is exponentially larger. Whereas in the past a breach could shut down systems and compromise data, the OT breach can result in a devastating fire, bodily injury, or environmental damage. The monetary losses alone would far outweigh those associated with the more traditional privacy breach cyberattack.

The OT breach can result in a devastating fire, bodily injury, or environmental damage

Is It Covered?
Since cyberattacks grew in frequency and severity, the insurance market has responded well. Most have focused on the privacy breach event, which is where most of the threats were occurring. In the US there are several markets that write that form of insurance. Cyber insurance is less mature outside the US. Those types of policies have evolved to cover several types of first and third party losses that can arise from a breach.

However, cyber policies typically exclude property damage and bodily injury. Breaches that threaten property via an OT attack are new enough that policy wording has to catch up. There is no single way the cyber peril is addressed in Property, sometimes the forms are silent, sometimes excluding it, and sometimes giving sub-limited affirmative grants. In the US, a general liability policy typically excludes the privacy breach type losses while reserving third party liability coverage for bodily injury or property damage but even that is not entirely clear cut.

At present, global insurers have adopted the practice of making explicit statements regarding whether cyber -related losses are covered or excluded, and to what extent. That gives some clarity to policyholders but does not spell out the intricacies of coverage. For example, property coverage can come with a cyber events exclusion but offers a “write back” for fire or explosion or some other limited perils.

To date, bodily injury and property damage are still not excluded. However, as losses mount or should the reinsurance market decide to exclude it, that could change.

For the property and casualty insurers, the knowledge regarding the impact of OT attacks is still in its infancy. Understandable, because until recently, such attacks did not happen in the mainstream corporate environment. However, as these claims begin to mount in frequency and severity, insurers and industry alike need answers.

We as an industry need to continue learning about cyberattacks and their impact on various industries and operations. Insurers should be trying to understand just how much of a company’s operations is vulnerable to cyberattack and should be underwriting the exposures that cannot be mitigated fully.

Organizations themselves can decrease their loss exposures by conducting risk assessments that include their OT infrastructure. Tabletop exercises and mitigation strategies, along with regular patches and updates to security systems, can help companies prepare for an attack, and potentially thwart hackers.

Have a conversation with your insurer. An insurer that has expertise in cybersecurity can review your current coverage and outline the protections that are in place. They can also walk your organization through self-insured retention or other options to ensure that remediation is in place in the event of an attack.

Protecting Production
Cyberattacks are continuing to evolve, much as the hackers themselves are doing. Unfortunately, not all insurance coverage can keep up with, or cover completely, the nuances of each iteration in the cyber threat chain.

Your production line, your equipment, your processes can be accessed and controlled with the same ease and dexterity that hackers use to get into your systems. In fact, by accessing your systems, cyber thieves have full access to the whole of your operations.

By knowing all you can about these attacks – and about how your current policies will or will not respond – your organization can be better prepared for any attack. Work with your insurer to put protections in place that help reduce loss and ensure stronger operational readiness going forward.

About the Author: 
Libby Benet was appointed as Global Chief Underwriting Officer, Financial Lines in October 2020. Libby’s experience in the insurance and reinsurance sector spans over 30 years. She joined 色多多视频in February 2020 as Global Chief Underwriting Officer, Cyber after serving as President and CEO of Cyber Secure Work Inc, and previously held several senior positions in the (re)insurance industry. She is a member of the Minnesota Lawyers Mutual Board of Directors. She is a lawyer and a certified information privacy professional and certified as a privacy information manager. She can be reached at Libby.Benet@axaxl.com.

To contact the author of this story, please complete the below form

First Name is required
Last Name is required
Country is required
Invalid email Email is required
 
Invalid Captcha
Subscribe

More Articles

Quick Links

Subscribe to Fast Fast Forward

  • Related Resources

Cybersecurity risks to consider when the workforce returns to work
Fast Fast Forward
The relaxation of stay-at-home orders and work restrictions will result in additional cybersecurity concerns which arise from the rapid reintegration of remote workers returning to the office. Categories: personal devices, unapproved personal applications, unattended systems, and human error.
What will the cyber landscape look like now that a pandemic has hit
Fast Fast Forward
Since the pandemic hit, we have seen an explosion of phishing and malware campaigns, with many of our own contacts reporting up to a 300 percent increase in phishing attacks since February 2020 (many posing as COVID-19 information or resources). The uptick in attacks couldn鈥檛 be happening at a worse time. As businesses operate from remote locations, IT resources are stretched thin and employees, facing a multitude of new challenges working from home, will invariably struggle to remain as vigilant to cybersecurity threats as they are under normal working conditions. And yet, it鈥檚 at times like these when more than usual vigilance is required. Employees working remotely may have less secure connections, including Wi-Fi connections and shared devices. Remote workers will also have plenty of distractions that can divert attention and increase the likelihood of a phishing email being overlooked.
cyber risk assessments
Fast Fast Forward
To manage your company鈥檚 cyber risk, you must first determine what your risks are, how an assessment will be applied to mitigate those risks, and which risks are primary. That way, you can conduct a risk assessment that fits within your organization鈥檚 needs.

Global Asset Protection Services, LLC, and its affiliates (鈥溕喽嗍悠礡isk Consulting鈥) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. 色多多视频Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, 色多多视频Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued 色多多视频 Policies

In the US, the 色多多视频insurance companies are: Catlin 色多多视频 Company, Inc., Greenwich 色多多视频 Company, Indian Harbor 色多多视频 Company, XL 色多多视频 America, Inc., XL Specialty 色多多视频 Company and T.H.E. 色多多视频 Company. In Canada, coverages are underwritten by XL Specialty 色多多视频 Company - Canadian Branch and AXA 色多多视频 Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following 色多多视频surplus lines insurers: XL Catlin 色多多视频 Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor 色多多视频 Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.

THIS AXA WEBSITE USES COOKIES

色多多视频 as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users鈥 social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.

Find Out More About the Cookie Policy Privacy Notice
Accept All
Refuse All
Cookie Settings