Terrorism is evolving, and in response we’ve updated the cyber exclusion in our cover. Including as standard – ‘material damage and direct business interruption losses caused by acts of terrorism that are triggered by remote digital means using a cyber trigger’.
Remote digital means using a cyber trigger – explained
The risk of Remote Digital Terrorism
When it became evident that it might be possible for terrorists to cause damage by remote digital means, we commissioned the Cambridge University’s Centre for Risk Studies (CCRS), to evaluate the emergence of cyber-terrorism as a new peril. The research examined the intent and capability of threat actors, attack vectors, and realistic event scenarios. We were able to determine that there was a potential ‘new’ risk, and that we needed to fill this coverage gap in advance of the threat manifesting destructively.
Our research with Cambridge concluded that physically destructive cyber terrorism is, for now, a horizon threat, with the capability to carry out attacks such as the Stuxnet attack in 2010 currently the preserve only of sophisticated nation states.
The intent has been expressed
So far, we have not seen examples of terrorists or extremists having access to the kind of tools or expertise necessary to launch destructive cyber-attacks. However, the intent has been expressed, and evidence from criminal groups suggests that sophisticated nation state capabilities are increasingly being leaked, shared or sold on the dark web, and liable to reach terrorist groups in the future.
In addition, the lines between hostile state actors and state-sponsored terrorism are becoming increasingly intractable and are complicated further with cyber-attacks being more difficult to attribute than physical attacks.
The private sector has to play a bigger role than ever as part of a whole society effort to counter today’s terrorism threat.
Sir Mark Rowley, ex-Assistant Commissioner for Specialist Operations