Mapping the potential impacts of cyber attacks on critical infrastructure
- Published: Tuesday, 30 October 2018 09:26
Using a US dam attack as an example Aon and Guidewire have shown how cyber attacks can have physical impacts on critical infrastructure. In the scenario explored, a cyber attack could result in an estimated $10bn insured loss for flood damage.
There are over 90,000 dams in the US, providing irrigation, hydroelectric power, flood control, and recreation. While technology and automation improve dam safety and operation, they also create new risks.
In a scenario developed by Aon and Guidewire’s Cyence Risk Analytics team, part of Guidewire’s Analytics and Data Services unit, a hacker seeks to create significant disruption in the US by opening the flood gates at a hydroelectric dam. If such a scenario were to occur it is likely to cause significant downstream flood damage, resulting in ‘silent cyber’ losses for insurers. Silent cyber risk is the potential for cyber perils to trigger losses on traditional insurance policies – such as property or casualty – where coverage is unintentional or unpriced.
Aon and Guidewire analyzed the potential impacts of the scenario at three dams, selected to reflect a small, a medium, and a large exposure respectively. The key findings were that a cyber attack could cause:
- Major impacts not only to dam operations but also to the resilience of local businesses and communities, with the highest economic loss estimated at $56 billion.
- Silent cyber exposure to insurers, with total insured losses of up to $10 billion. By comparison, initial estimates of insured losses resulting from wind and storm surge damage from Hurricane Michael have ranged up to $10 billion.
- A significant protection gap that would impact homeowners and businesses if such an event were to occur, with only 12 percent insured in one scenario.
Jonathan Laux, Head of Cyber Analytics for Aon’s Reinsurance Solutions business, commented: “Insurers must consider how changing technologies can cause ‘established’ perils such as flood to morph into new risks, with resulting changes to frequency and severity. By using scenarios such as this one, insurers have the ability to stress test their portfolios against new and emerging perils created by cyber risk. With that knowledge, insurers can take steps to mitigate risk, through reinsurance as well as working with businesses to increase their resilience.”
For more details read the ‘Silent Cyber Scenario: Opening the Flood Gates’ report.