Empowered Expertise

Why cyber physical damage attacks may increase - Reason 4

by Paul Gooch, Cyber Underwriter on

Reason 4 :  Industrial Control System Networks are Notoriously Difficult to Secure

In the fourth of a series of expert blogs, TMK Cyber Underwriter Paul Gooch explains why cyber Physical Damage attacks could increase in 2020 and beyond.

Industrial control systems (ICS) networks are increasingly vulnerable due to increased online connectivity and the proliferation of targeted malware. While the risk of unauthorised access can never be eliminated completely, it can be mitigated by improving security. However, due to characteristics inherent in ICS environments, this poses significant challenges.

Unlike corporate IT networks, which prioritise confidentiality of data, ICS networks were designed to prioritise availability, i.e. operational uptime. Historically, ICS networks were isolated from outside connections – which provided a high level of inherent confidentiality – and few foresaw a future in which a third party would want to intentionally disrupt operations. As such, the worst-case scenario in the 1970s would have been a random technical failure or a malfunction, rather than a cyber attack. For this reason, ICS communication protocols  do not typically utilise encryption or authentication techniques found in IT networks.

Given their age, ICS networks often rely on legacy operating systems such as Windows XP which are no longer supported by the vendor with routine security updates or patches. Even when patches are available, installation is often a more complex process than for corporate networks, with the consequences of a failed patch much graver. Plant managers also have to take availability requirements into consideration – many industrial facilities operate 24/7 so do not have the luxury of overnight or weekend patching windows like their IT network counterparts. Consequently, ICS assets remain vulnerable for much longer.

As such, despite the worsening threat landscape, many companies struggle to adequately protect themselves against ICS attacks due to the very nature of them being insecure by design.

Click here to read

Reason 1 - It has already happened

Reason 2 - The Proliferation of Industrial Control System Malware

Reason 3 - The Increased Connectivity of Industrial Control System Environments


TMK has released an enhanced cyber insurance policy to include coverage for Property Damage and Ensuing Business Interruption resulting from a cyber-attack: Cyber Ctrl PD+. Visit for more information.

Sign Up

Get notified when a new post is published.

Email is required Email must be valid It appears you have already signed up

Media Contacts

If you have a media enquiry, please contact

Laura Guerin
Head of Marketing & Communications
T+44 (0)20 7767 2111

Out of hours or urgent media enquiries only:
M +44 (0)7557 152722