While environmental carriers are monitoring developing mold claims following the devastating hurricane season, cyber activity continues to escalate, not just among large companies but at small- and midsize businesses (SMB) as well.
Related: 6 ways cybersecurity changed in 2017
Cybersecurity is rapidly moving from an emerging threat to a current reality that can adversely impact virtually any industry. News reports address cybersecurity, cybercrime, cyber-warfare, cyber attacks, cyber-intrusion, cyber espionage and cyber-sleuthing, and words such as hacking, malware, ransomware, phishing, botnets and zombies are becoming commonplace in the news.
Cybersecurity has been a growing threat, but the public has only become more aware of the risks and potential impacts recently as more and more businesses and industries have experienced a wide range of cyber attacks.
In the past, there were no standard policies or common coverage forms for cyber liability. However, ISO recently released a cyber-coverage form for small- to mid-sized commercial risks with several new endorsements. Having available coverage is critical to businesses that may be exposed to a loss affecting millions of customers.
— The ISO E-Commerce Program has now been renamed as the ISO Cyber Program to expand the types of coverages being addressed.
— ISO has also made enhancements to the ISO Information Security Protection (ISP) Cyber coverage forms and optional multi-state endorsements.
— The ISO Commercial Cyber Insurance Policy CY 00 01 01 18 is a stand-alone cyber option designed primarily for small- to mid-sized commercial risks (SMEs).
Bodily injury from cybercrimes
Contaminant releases as a result of cyber-related disruptions can result in damage to human health and the environment. Cybercrimes have the potential to cause catastrophic spills, waste discharges and air emissions that result in bodily injury, property damage, environmental remediation expenses and legal liability claims.
Related: A game-changing play in cyber risk
The industries most at risk to environmental claims from cyber attacks are those that rely on complex supervisory and control systems, such as utilities, transportation and manufacturing, to name a few. Attacks on critical infrastructure in industries such as healthcare or the energy grid through ransomware, distributed denial-of-service (DDOS) or other attacks may bring power or medical systems down in ways that put lives directly and immediately at risk.
The industries most at risk to environmental claims from cyber attacks are those that rely on complex supervisory and control systems, such as utilities, transportation and manufacturing. (Photo: iStock)
Recent attacks with environmental claims
Some cyber attacks resulting in environmental claims and disruptions of critical infrastructures include the following:
— In 1994, a hacker accessed the Salt River Water Project computers to gain control of water levels.
— In 2000, the Russian government announced that hackers succeeded in gaining control of the Gazprom pipeline network.
— In 2000, a hacker caused the release of 800,000 liters of untreated sewage into waterways in Maroochy Shire, Australia.
— In 2003, the safety monitoring system of Ohio's Davis-Besse nuclear power plant was offline for five hours due to the Slammer Worm.
— In 2008, electrical power generation in South America was damaged by a cyber attack by organized crime.
— In 2009, an IT contractor disabled leak detection systems on three offshore oil rigs near Long Beach, Calif.
— In 2010, the Stuxnet virus disabled Iranian centrifuges that were processing uranium into weapons-grade uranium.
— In 2014, attackers used booby-trapped emails to steal logins giving access to a German steel mill's control system. This led to parts of the plant failing and an unscheduled shutdown of the blast furnace caused massive damage.
— In 2017, the WannaCry ransomware attack affected companies and industries including FedEx, automotive plants for Renault and Nissan, Spain's telecommunications giant Telefonica, and some 48 hospitals and clinics of the British National Health Service.
— Also in 2017, the Petya ransomware attack crippled many organizations and businesses in Europe and the U.S., including firms such as the advertiser WPP, the food company Mondelez, and Danish shipping and transport firm Maersk.
The imact of the Internet of Things
As more industries rely on computer technology to control systems and become more connected, and as hackers get better with breaching those systems, the chances of significant environmental impact become enormous. With the growing opportunity for more sophisticated uses of data and Internet of Things technologies, artificial intelligence, biometric systems, manufacturing robotics, connected cars and smart buildings, businesses will need to consider how threats such as ransomware will continue to evolve, moving from individual computers to impact their critical business operations.
As cybercrime continues to escalate, the risk of environmental claims increases for even small businesses such as gas stations and auto mechanics, and for manufacturing operations that handle or process any type of liquid contaminates or waste products.
It is common for ransomware attacks to target smaller or mid-sized businesses as an entry to larger enterprises. A small business will not want to become a weak link in a large supply or operational chain. Previously, there was no standard cyber insurance coverage available to these businesses. However, the new ISO Commercial Cyber Insurance Policy CY 00 01 01 18 is designed for these smaller and mid-sized risks.
Karen L. Sorrell, CPCU, is an editor with FC&S Online. She can be reached by sending email to ksorrell@alm.com.
See also:
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.