People need to be aware of all cyber threats because you can’t dismiss any of them. Just because ransomware is top of mind for most companies, that doesn’t mean that cyber threats such as data breaches, malware attacks, even things like business email compromise aren’t going to continue—they will. Companies need to be aware of those and protect themselves. If they aren’t hit by ransomware, they could be hit by any of the others, and those threats can do significant damage.
Cyber threats involving property damage have been there since the Stuxnet malware was launched and have existed in one form or another ever since. There have not been large headline-grabbing events that have focused attention on it; the events are nevertheless continuing.
A cyber event can be as simple as somebody shutting off the air conditioning to a data center and a lot of expensive computer equipment is damaged or destroyed. But it can be as catastrophic as an attack on a gas or oil pipeline that causes environmental damage, explosions or things of that nature. Or it could simply slow down delivery. That will, in and of itself, damage a pipeline operator.
Andler: A cyber proximate cause of loss that results in physical damage is where the bridge between cyber and property comes together. That’s not an emerging threat. That’s just a threat, period, from any possible cyber attack that is focused on causing property damage. That is a risk. The threat is probably just getting more frequent. The attacks are emanating from state causes as well. I would say there is an increase in severity and also an increase in frequency. The challenge is that, when it comes to the protection of property, the client base needs to be vigilant about potential vulnerabilities.
Andler: The inherent silent nature of property is the way that the property insurance market has been trying to deal with the emerging risk of a physical damage loss emanating from a cyber proximate cause. The collective group of insurance companies that we do business with, they all handle it in a different way.
Usually, the property market is trying to address how it handles issues around cyber with exclusions, and all those exclusions are done in different ways by different carriers. It’s not easy to compare the coverage you would get from cyber if you had policies from two different carriers. We view the fact that you never really know what you have as being a silent cover.