From emerging risk to core business: cyber attacks
"Cyber attacks" is one of the emerging risks that have become relevant for our core business since we first highlighted it.
We first drew attention to "cyber attacks" as an emerging risk by including a case study in our 2011 Corporate Responsibility Report. At the time we focused on risks potentially created for Supervisory Control and Data Acquisition (SCADA) systems.
Our original assessment
Below is an excerpt from the original description (the full case study is available under "Download"):
"Today, most large industrial plants and critical infrastructure facilities, such as power generation & distribution or oil/gas production & distribution, are increasingly controlled by webs of computers, commonly known as Supervisory Control and Data Acquisition (SCADA) systems. … Because their critical information software is increasingly connected to global data and communications networks, these SCADA systems could be vulnerable to cyber attacks. … Cyber attacks on SCADA systems may lead to failure of the impacted facility, energy blackouts, fire, explosion, injuries or even fatalities and contamination of the environment. In all these cases, the insurance industry would be directly affected. ... The objective must be to translate these threats into manageable risks."
"Cyber attacks" has since become a topic of general importance for our risk management, stakeholder dialogue and compliance procedures. Internally, we have responded to the increasing threat of cyber risks by further strengthening our data protection provisions.
Recent activities and initiatives
- Cyber solutions
- Swiss Re Code of Conduct:
Section on "Business information and information technology"
Section on "Data protection"
- Data protection brochure
- sigma 1/2017:
Cyber: Getting to grips with a complex risk
- Expert Forum at the Centre for Global Dialogue
Cyber risk: Reducing vulnerability to attack
- Partner publication with the World Energy Council:
World Energy Perspectives: The road to resilience – Managing cyber risks