What are the Physical Risks of a Cyber Attack?

What are the Physical Risks of a Cyber Attack?

Most of the news we hear surrounding cyber attacks concerns personal data and the GDPR. What is often overlooked, however, is the physical dangers of a cyber-attack. 

Cyber-attacks that cause physical damage typically occur when a hacker gains access to a computer system that controls equipment in a manufacturing firm, refinery, power station or similar operation. Once the hacker gains access to an organisation’s machinery, they can then control that equipment to damage itself, other property, or in some cases harm employees.


Incidents can occur in a variety of ways, including phishing scams, internet exchange point attacks, breaches of unsecured and unencrypted devices, and even plots carried out by rogue employees.


Many experts cite power and energy sector organisations as the most at risk. However, any sectors where Industrial Control Systems (ICSs) are used. This applies to utilities, telecommunications, oil and petrol, petrochemicals, mining and manufacturing.

ICSs are open computer systems used to monitor and control physical processes as well as streamline operations and repairs. ICSs are not often designed with security as a primary consideration, which leaves them susceptible to attack. Furthermore, even if the attack doesn’t cause damage, the disruption alone can result in significant losses.

In August 2017, a Saudi Arabian petrochemical plant was hit by a cyber-attack that would have had devastating consequences. The attack was unique in that it wasn’t designed to steal data or money, instead, the hackers set out to sabotage their operations and trigger an explosion. If it hadn’t been for a mistake in the attackers’ code, an explosion would have been triggered remotely and not only would the plant have been destroyed but many employees could have died. 

While an attack on this scale might be unlikely for your business, a cyberattack could shut down your operations by hijacking your systems. The last thing you want to find after such an attack is that your cyber insurance does not cover (fully or otherwise) an attack resulting in physical damages to tangible property.

While it’s important to speak with an insurance broker about your options, there are steps a business can take by themselves to protect physical assets from cyber-attacks.

1) Keep all software up to date

2) Back up files regularly

3) Look into security for ICSs

4) Train employees on common cyber-risks and what they should do if they notice anything amiss

To make sure you have adequate protection, speak to one of our specialist advisors who can review and tailor your cover to your specific requirements by requesting a quote through our website or phoning our team on 0330 1240730!

9 Albany Park, Cabot Lane, Poole, Dorset, BH17 7BX
t. +44 (0)330 1240730
e. This email address is being protected from spambots. You need JavaScript enabled to view it.

© Insync Insurance Solutions Ltd 2016 All rights reserved. Cyberguru is a trading style of Insync Insurance Solutions Ltd which is authorised & regulated by the Financial Conduct Authority where our reference number is 766691. Our registered office is Midland House, 2 Poole Road, Bournemouth, Dorset BH2 5QY and we are registered in England under company number 08810662. Should you have cause to complain, and you are not satisfied with our response to your complaint, you may be able to refer it to the Financial Ombudsman Service, which can be contacted as follows: The Financial Ombudsman Service Exchange Tower, London, E14 9SR | Tel: 0800 023 4567 or 0300 123 9 123 | www.financial-ombudsman.org.uk | Terms of Business