As digital infrastructure becomes more advanced and integrated into your business operations, the boundary between cyber and physical security has become increasingly blurred. The comprehensive use of the internet and cloud services to operate and maintain equipment and security systems today has left businesses vulnerable in more material ways.
Network-connected hardware is extra vulnerable to cybercriminals who can infiltrate a company’s network systems and control network-connected equipment causing it to intentionally malfunction or disable security systems, causing real physical damage to people and facilities. As the following actual claim demonstrates, successful physical attacks by threat actors begin with social engineering.An alcohol manufacturer received an alert that the network at one of their plants was having issues. Their processing engineer saw a strange file — ‘Name-WASTED’ and immediately recognized it as a ransomware event. While their industrial system sat idle, the downtime caused significant damage. Because the manufacturer had the right Coalition cyber coverage and necessary endorsements, Coalition reimbursed the manufacturer for their business interruption expenses and the extra expenses necessary for their property repairs.
Commercial General Liability (GL) policy forms were developed before cybersecurity risks were as prevalent as they are today. Therefore, your standard GL policy was never designed to cover physical and non-physical risks arising from cyberattacks, as neither are considered tangible property losses.
Coalition offers three key cyber coverage endorsements to help bridge the gap between your GL and cyber coverage when it comes to physical security: First party liability bodily injury and property, Third party liability for bodily injury and property, and Third party pollution coverage.
Protecting your business when it’s attacked
With the right endorsements, business interruption and property repair expenses arising from the damages resulting from a cyberattack, both directly to your business or to a third-party, are covered. Coverages may also apply to damages resulting from any liability you may have to a third party, including regulatory fines and penalties. In the event of a cybersecurity incident, Coalition’s first party liability bodily injury and property damage endorsement covers losses resulting from bodily injury or damage of your business’ physical property.
Here’s another real life example of Coalition’s bodily injury and property damage coverage in action:The control system of an industrial components manufacturer experienced a cyberattack that led to significant damage on the production equipment and destroyed the in-process components. Coalition Incident Response (CIR) provided breach response services as part of the policy and was able to help the company regain control of their systems and secure their network. Coalition’s Bodily Injury and Property Damage and Business Interruption coverage went into effect immediately, covering the manufacturer’s equipment repairs and financial losses resulting from their equipment down time.
Protecting your business when a security breach impacts your customers
Third party liability coverage extends your organization’s protection to those you do business with. While standard cyber third party liability coverage would provide protection if your company’s breach affected your customer’s network, Coalition offers third party liability for bodily injury and property damage for cyber incidents that have physical consequences.
For example, a cyber attack on a medical organization’s network could put hundreds of individuals in potential physical harm. If a hospital’s network is hacked and the computers that control certain medical devices are impacted, patient wellbeing is at risk. While medical malpractice may still be a concern in these instances, the investigation into the cyber incident and quick evaluation of the impact of the organization’s security network is typically covered by Coalition’s third party liability endorsement.
Protecting your business when a security breach impacts the environment
Manufacturing companies have started a new industrial revolution of sorts through smart manufacturing and the use of IoT-connected devices to drive operational efficiencies. But when a company’s technology controls equipment and materials that, if not run appropriately, can lead to a pollution event, a manufacturer faces an additional and unique cyber risk.
Cyber incidents at power plants, factories, utilities, and other businesses using technology to run their systems threaten workers and but the surrounding community and environment. In these cases, pollution endorsements can provide coverage for clean-up expenses, IT forensics, regulatory investigations, and possibly business interruptions.
In many ways, these types of cyber attacks are already happening. Businesses that prepare for the potential physical ramifications of cyber attacks on their physical business operations by implementing proper risk management strategies and securing the necessary coverage to safeguard their assets will be best positioned for what happens next.
Protect your business: Get insured
Cyber insurance is a key factor in addressing and mitigating cyber risk and can quickly help businesses facilitate remediation if they are the target of a cyberattack.
Coalition offers a wealth of resources to help businesses implement good cybersecurity practices, including our Cybersecurity Guide, which outlines the basic tenets of a cybersecurity program — a critical factor in reducing your organization’s cyber risk.
For questions about Coalition’s claims process or to be connected to a broker, reach out to our team.
Are you a broker interested in offering Coalition cyber insurance to your clients? Click here to get appointed.