February 25, 2021
Republished January 4, 2023
The critical infrastructure community is not immune to cyberattacks. Defending against them requires an understanding of the financial impacts, informed by OT asset owners.
With the advent of the SolarWinds crisis, companies worldwide experienced a first-of-its-kind systemic event that revealed a major risk to the software supply chain. The critical infrastructure community is not immune. In recent years, cyber threat actors have shifted their sights to valuable and often vulnerable operational technology (OT) systems as a potentially lucrative attack vector. Defending those systems effectively requires a deeper appreciation of their criticality and a clear understanding of the financial impact of a successful breach.
Fortunately, the cyber insurance market is already responding to OT system exposures in ways that can help companies better prioritize their cyber risk prevention and mitigation strategies. A “baker’s dozen” of coverage categories currently exist that speak directly to a wide variety of potential loss areas. Opportunities for improvement, however, abound. OT asset owners often are not included in the cyber insurance discussion. This unfortunate situation often leads to a suboptimal understanding of the full impact of a cyberattack. It also prevents companies from leveraging long-available industry resources that could drive enhanced IT-OT cyber resilience almost overnight.
A broadened coverage discussion that includes OT asset owners would help encourage the adoption of proven cybersecurity frameworks geared specifically to the IT-OT environment. Meaningful compliance with those frameworks, in turn, could help companies reduce their full exposures in ways that make them more attractive cyber risks. The critical infrastructure community – with OT asset owners at the table – should lead a “get compliant, get secure, and get insurance” cybersecurity discussion with the insurance industry to enhance the security and integrity of their companies. In so doing, it could become a major influence in how cyber insurance develops next.
Chapter 1: Growing Cyber Threat to Critical Infrastructure
Chapter 2: IT-OT Environments and Cyber Risk
Chapter 3: The Cyber Risk Management Value of Insurance
Chapter 4: What is the Coverage?
Chapter 5: Shaping the Market: An OT Opportunity
Chapter 6: The Importance of Standards
Chapter 7: The Role of Compliance
Kevin Edwards, 703-653-0596, firstname.lastname@example.org