Empowered Expertise

Why cyber physical damage attacks may increase - Reason 5

by Paul Gooch, Cyber Underwriter on

Reason 5: Cyber Criminals Have a Proven Business Model

In the final of a series of expert blogs, TMK Cyber Underwriter Paul Gooch explains why cyber Physical Damage attacks could increase in 2020 and beyond.

Given their age, their rising levels of connectivity, and the escalation in malicious activity targeted against them, Industrial Control System (ICS) environments are increasingly vulnerable to cyber attacks. However, thus far, the frequency of such events has remained low. Having not yet faced the consequences of such an incident, risk managers may be reassuring themselves with the rhetorical question: “why would anyone attack us?” Others may have concluded that such an attack is only likely in the event of a full-scale military conflict and taken the fatalistic view that in such a scenario they have more to worry about than collecting on their corporate insurance policy. However, if the past 18-months have taught us anything, it’s that criminals have carved out a lucrative niche in extorting millions of dollars from companies by literally holding their computer systems to ransom. 

There are many examples and one of the most successful ransomware strains identified in recent months has been REvil aka Sodinokibi. In the past five months alone, researchers at KPN have detected over 150,000 unique infections and extracted ransom demands from 148 samples demanding more than USD38 million from its victims. This equates to an average extortion demand of over USD 250,000 per company affected. Cyber crime has become such a widespread problem that the FBI now maintains a ‘Cyber Most Wanted’ list and has conceded that, while it does not condone paying ransoms, “when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

Although it is not simply a case of ‘ransomware getting into the control systems’ that will lead to cyber physical damage attacks, it is the evolution of the ransomware ‘business model’ that is of critical concern. If companies are willing to pay millions of dollars to avoid operational disruption , how much (and how quickly) might they pay to avoid catastrophic physical damage or harm to human life? Even if ransoms are paid, botched decryption attempts have shown that attackers don’t always get the recovery tools right, and the consequences of a botched Safety Instrumented System recovery could be disastrous.

TMK Cyber Ctrl PD+

In response to the growing threat and the retrenchment of cover in the property insurance market, TMK has released an enhanced cyber insurance policy to include coverage for Property Damage and Ensuing Business Interruption resulting from a cyber attack. Crucially, this is not a ‘wrap’ or ‘write-back’ product – TMK Cyber Ctrl PD+ provides affirmative cover for cyber physical damage incidents, providing clients with clarity of cover. The policy includes all standard cyber insurance coverages, including privacy liability and non-damage business interruption, and is modular, allowing clients to tailor the product to their specific requirements.

Click here to read 

Reason 1 - It has already happened

Reason 2 - The Proliferation of Industrial Control System Malware

Reason 3 - The Increased Connectivity of Industrial Control System Environments

Reason 4 - Industrial Control System Networks are Notoriously Difficult to Secure

Sign Up

Get notified when a new post is published.

Email is required Email must be valid It appears you have already signed up

Media Contacts

If you have a media enquiry, please contact

Laura Guerin
Head of Marketing & Communications
T+44 (0)20 7767 2111

Out of hours or urgent media enquiries only:
M +44 (0)7557 152722