You’ve heard of cyber attacks causing customer data breaches, business interruptions, reputation management issues, and public relations nightmares – but what about physical damage?
Sometimes cyber attacks involve more than just data theft. Past hacking events have caused property damage and even bodily injury. In the wake of Stuxnet, security experts have warned of the increasingly destructive capabilities of cyber attacks. We’re starting to see those warnings come to fruition.
Here are six instances where malicious hackers caused physical damage – and cost businesses, organizations and/or governments millions of dollars.
German steel plant meltdown
In 2015, using phishing emails to gain login credentials, hackers wreaked havoc at a German steel mill by disrupting the control system and shutting down parts of the plant, resulting in millions of dollars of damage to the blast furnace.
Ukrainian power grid sabotage
Russian-backed hackers remotely disabled electricity to a wide swath of Ukraine in December 2015. They then uploaded faulty firmware in order to make fixing the breach even more difficult. The case laid out a frightening blueprint on how to replicate this experiment on other power grids.
Polish teen remotely derails trains
In 2008 a teenager from Lodz, Poland tripped rail switches and redirected trams using a homemade transmitter. His stunt injured twelve people when four trams derailed.
Disgruntled applicant spills raw sewage
Back in 2001, an Australian man was convicted of hacking into his small town’s computerized waste management system and deliberately spilling millions of gallons of raw sewage into parks and rivers in the area. Vitek Boden spent two years in prison for the offense.
Hacker tampers with hospital ventilation system
In 2011, a man was sentenced to nine years in prison for infecting machines at the hospital for which he worked with malware and installing a remote-access program on the hospital’s HVAC system. Authorities asserted that Jesse William McGraw jeopardized patient safety by putting drugs and other medical supplies at risk by altering the heating, air conditioning, and ventilation systems.
Oil pipeline leak detection systems compromised
In this instance, while no property damage occurred, the Southern California coastline was exposed to an environmental disaster. In 2009, hackers temporarily disabled the computer system designed to detect pipeline leaks for three oil derricks of the coast of Southern California. Had a leak occurred during that time, it would have potentially gone undetected.
So what can businesses do to protect themselves from these kinds of increasing and potentially devastating threats?
Insurance coverage of cyber attacks
Normally, cyber insurance policies do not cover property damage (or bodily injury) so insureds must rely on more traditional lines for coverage, like their Property policy or their Commercial General Liability policy.
While data breaches that result in property damage are less frequent, their results can be devastating and likely far exceed the limits of your cyber policy.
This isn’t to say that property damage resulting from a data breach will definitely be covered by your property policy. You’ll want to confirm that your coverage is “all risk” coverage, which covers any peril not specifically excluded. Also, look for property insurers to begin excluding property damage or business interruption claims related to computer or cyber related incidents in the future.
At the ALS group, we work with a variety of different types of businesses to make sure they have appropriate cyber liability insurance coverage. Have questions about your organization’s coverage? Contact us for a cyber insurance audit.