From emerging risk to core business: cyber attacks

"Cyber attacks" is one of the emerging risks that have become relevant for our core business since we first highlighted them.

We first drew attention to "cyber attacks" as an emerging risk by including a case study in our 2011 Corporate Responsibility Report. At the time we focused on risks potentially created for Supervisory Control and Data Acquisition (SCADA) systems.

Our original assessment

Below is an excerpt from the original description (the full case study is available under "Download"):

"Today, most large industrial plants and critical infrastructure facilities, such as power generation & distribution or oil/gas production & distribution, are increasingly controlled by webs of computers, commonly known as Supervisory Control and Data Acquisition (SCADA) systems. … Because their critical information software is increasingly connected to global data and communications networks, these SCADA systems could be vulnerable to cyber attacks. … Cyber attacks on SCADA systems may lead to failure of the impacted facility, energy blackouts, fire, explosion, injuries or even fatalities and contamination of the environment. In all these cases, the insurance industry would be directly affected. ... The objective must be to translate these threats into manageable risks."

"Cyber attacks" has since become a topic of general importance for our product development, risk management, stakeholder dialogue and compliance procedures. Internally, we have responded to the increasing threat of cyber risks by further strengthening our data protection provisions.

Recent activities and initiatives

Related content

  • Blog ​Spotlight on slow burners

    Patrick Raaflaub Group Chief Risk Officer