Insurers' role in ICS cyber security - is there one?

We had assumed that insurers were taking the risk of ICS cyber security seriously. We also thought this could be the driver to get end-users to actually secure their ICSs. Consequently, we intended to have a session on insurer's role in ICS cyber security at the 2013 ICS Cyber Security Conference (www.icscybersecurityconference.com). Apparently we may have jumped the gun on how insurance companies are becoming a catalyst for improved cyber-security in industrial control system design, products and processes.
July 19, 2013

We had assumed that insurers were taking the risk of ICS cyber security seriously. We also thought this could be the driver to get end-users to actually secure their ICSs. Consequently, we intended to have a session on insurer's role in ICS cyber security at the 2013 ICS Cyber Security Conference (www.icscybersecurityconference.com). Apparently we may have jumped the gun on how insurance companies are becoming a catalyst for improved cyber-security in industrial control system design, products and processes. We wanted to have a panel of industrial property insurance company executives interact with the audience. For one, we wanted to know how their companies are reacting to increased cyber threats to critical infrastructure, and maybe more interestingly, how they plan to assess and respond to their customers' varying exposures and mitigation plans.

It turns out that we may have to nix that conference session. The assessment of someone we consider to be the insurance industry luminary on cyber-physical risks was that "most insurers have not thought about this, or if they have, do not seem to be taking it seriously - and won't until a spectacular loss occurs. The Property/Casualty industry is still largely reactive."

Sound familiar?
Joe Weiss

About the Author

Joe Weiss

Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sign up for Control eNews
Get the latest news and updates