Digital attacks on real-world infrastructure and operations: Why cyber property damage insurance belongs on the business agenda

Learn why specialist cover is needed to protect industry against property damage from cyber-physical risk – and how Costero Brokers can help.

Cyber incidents are no longer only about stolen data and IT downtime. As more machines, buildings and infrastructure are controlled by software and connected to the internet, a digital intrusion can cause very real-world harm for organisations and industries: damaged equipment, halted production and complex liabilities. In this article, we explain how those risks are evolving, what recent incidents tell us, how cyber and property insurance policies are changing, and how working with Costero Brokers can help you build cover that truly fits the risk.

Hacking into the real world: when a cyber event damages physical assets

All kinds of industrial organisations, including factories, energy facilities, rail and logistics operators increasingly run on connected control systems. That connectivity brings new levels of efficiency – but also new exposure of physical systems to cyber attacks. There are now more than 18 billion connected devices globally, projected to rise to 40 billion by 2030, hugely expanding the number of targets attackers can exploit. (Source: IoT Analytics)

Security data from industrial environments shows increasing cyber-probing and malware activity against systems that manage or support physical processes. Researchers recently recorded attacks being detected against roughly a fifth of industrial computers they monitor worldwide – demonstrating that physical systems, infrastructure and property are attractive targets for cyber criminals. (Source: [Kaspersky)

All of this is happening while many traditional business property insurance policies have added new cyber exclusions or fine-print limitations. Unless you have explicit, written cover for property damage caused by a cyber event, there is a risk of a protection gap.

Warnings from real-world cyber-physical incidents

Over the past decade, the frequency and scale of cyber-physical attacks on industrial infrastructure and operations have increased worryingly:

• Germany, 2014: An industrial steel mill was attacked by cyber criminals. Germany’s federal cyber authority reported that attackers entered via an office network before accessing plant controls, preventing a blast furnace from shutting down properly and causing massive damage. (Source: BBC News)
• Ukraine, 2016: Power grid industrial control systems (ICS) were targeted with specially developed malware. Investigators found that the ‘Crash Override / Industroyer’ malware was built to interfere with protective relays – an approach designed to damaged critical power equipment. (Source: CISA)
• Middle East, 2017: ‘Triton’ malware was used to target safety systems at an unidentified industrial facility, forcing a shutdown to avoid a potential catastrophe. The case proved that attackers were willing to aim at the controls designed to stop fires and explosions at nuclear, oil and gas power plants. (Source: The Guardian)
• Norway, 2019: A ransomware attack disrupted Norsk hydro’s global aluminium operations and cost the company around USD $75 million. The incident provides a clear example of the knock-on costs incurred when highly automated industrial plants are forced into manual operations by a cyber attack. (Source: Computer Weekly)
• USA, 2021: A hacker used remote access software to take control of safety systems at a water treatment plant in Oldsmar, Florida. The cyber intruder briefly changed the chemical dosing set-point to a dangerous level, but fortunately a vigilant operator reversed it in time. This was a near-miss with obvious implications not only for property damage, but also for public safety. (Source: Wired)

How cyber insurance policies are changing – and what you should look for

In recent years, insurance industry supervisors and the London market have pushed insurers to address “silent cyber” – the uncertainty about whether a policy might respond to a cyber-triggered loss. Insurers are encouraged to do this by either clearly covering or clearly excluding cyber causes of loss. That has led many property policies to adopt cyber exclusions or very narrow “write-backs”, unless you purchase explicit cyber-physical property damage cover.

Language around state-backed cyber attacks has also tightened. Lloyd’s now expects robust wording when policies address such events, with clear parameters on what is and isn’t covered. The exact definitions and any carve-backs matter – and can differ by market.

Some organisations are now pairing a traditional cyber policy (for IT-led incidents) with clear, written cover for property damage and business interruption caused by a cyber event. Sometimes that is done by reinstating cover within the property policy via endorsement; in other cases, it’s placed as a dedicated cyber-property damage product or via reinsurance. The right answer depends on your operations, suppliers and tolerance for loss.

Working with an expert in cyber property damage risk

Whether you’re an insurer, broker or business leader, you need a partner who understands both cyber threats and how physical assets are insured – like Costero Brokers. We design fit-for-purpose, broad and competitively priced programmes at Lloyd’s of London and international markets, working closely with leading global reinsurers. We help you map real-world loss scenarios across production lines, utilities, logistics and building systems, and then build wordings and limits that fit that risk profile.

For brokers, we’ll co-create client-ready submissions that align property, cyber and any reinsurance layers so coverage gaps are closed and the claims pathway is clear. For corporate buyers, we can work with your operations, safety and technology teams to reflect the controls you actually have – segmentation, backups, and safety shutdowns – so underwriters can price the true risk.

Introducing Costero’s new cyber property damage insurance solution

Costero’s exclusive cyber property damage solution – developed with leading Lloyd’s of London syndicates – is built to close the protection gap created by modern wordings. It offers:

• Affirmative cover when a malicious cyber event causes physical damage and business interruption – addressing the hole in traditional policies.
• Access to substantial market capacity (USD $250 million+) across primary and excess layers for large or complex risks.
• Multiple deployment options: Reinstate cyber cover within an all-risks property policy via endorsement, place a combined programme spanning “traditional” cyber and cyber-physical damage, or use reinsurance structures if you’re a carrier seeking to offer this cover to your own clients.

We focus where the exposure is most material – in sectors such as manufacturing, energy, power, mining, pharmaceuticals, rail, transportation and logistics – and we tailor wordings to your operations and geographies.

Ready to close the cyber property damage gap?

If you want to protect your clients – or your own organisation – against cyber-physical losses, talk to us. Costero can help you put a specialist cyber property damage programme in place that fits today’s risk, aligns with market developments, and scales with each organisation’s growth.

Whether you’re an insurer, broker, or business decision-maker, now is the time to evaluate new options in cyber-physical property damage cover. Contact Costero’s Cyber, Media and Technology insurance team today to explore how we can help you.

To find out more and discuss your goals, please get in touch with our expert Jonathan Olley at Costero Brokers.