As soon as cyber attacks occur More sophisticated and more frequent, South African businesses face increasing risks – not only to their data, but also to their physical assets and operational continuity.
Automation and digitalization are creating opportunities for growth and efficiency, but they are also opening up new vulnerabilities, including the risk of physical harm and business interruption caused by cyber incidents.
The recent surge of conflict-related cyber attacks in the Middle East has underlined the geopolitical dimension of cyber-asset risks. State-sponsored actors and hacktivist groups have increasingly targeted critical infrastructure such as power grids and industrial facilities, demonstrating how regional conflicts can rapidly escalate cyber-physical threats and insurance risks on a global scale.
Many organizations underestimate the risk and find themselves uninsured or underinsured. Traditional insurance policies often fail to provide comprehensive coverage for these events. To protect themselves, businesses must adopt robust risk mitigation strategies as well as customized insurance solutions that specifically address cyber-related asset damage and business interruption.
How can a cyber attack cause physical harm?
Cyberattacks targeting operational technology are affecting an increasing number of organizations in every sector. It's no longer a matter of if, but when. one by one guessThe number of sites globally that suffered physical operational loss due to cyber attacks increased by 146% in 2024, from 412 in 2023 to 1,015. Most of these attacks affected multiple physical locations.
In Africa, the cyber insurance market is growing rapidly, but penetration is still low. The Middle East and Africa cyber insurance market is valued at approximately US$283 million in 2024 and is projected to grow significantly. Despite limited specific loss data, it is estimated that cybercrime will reduce Africa's GDP by more than 10%, equivalent to a loss of more than $4 billion, with increased risk exposure due to ransomware and digital transformation. Many African businesses still operate without adequate cyber insurance or mature cyber security controls, highlighting a significant security gap that reflects the challenges facing South African companies.
The following examples demonstrate how threat actors can cause physical harm to a variety of organizations.
- Mines: A cyber attack on a mine can disrupt critical safety systems, including gas detectors, ventilation controls and emergency shutdown mechanisms. These types of operational disruptions can lead to dangerous conditions not being addressed, increasing the risk of accidents or injuries. Communications systems may also be compromised, causing delays in emergency response or evacuation. Production processes are also vulnerable – attacks targeting operational technology such as automated drilling equipment, conveyor belts or processing systems can lock out operators or manipulate data, leading to costly downtime, operational inefficiencies or equipment damage.
- Production: In the manufacturing sector, cyberattacks can target equipment, critical infrastructure and management systems, potentially causing a complete halt to production. Malicious code can manipulate or disable the control systems that operate machinery, causing mechanical failures or malfunctions. Environmental control systems that regulate temperature and humidity may also be disrupted. If monitoring or emergency controls are tampered with or disabled, safety systems may be compromised, increasing the risk of accidents. This may result in substantial financial losses due to reduced output and repair costs.
- power grids: Cyberattacks on power grids can target the physical infrastructure, smart buildings, and control systems responsible for power generation, transmission, and distribution. Cybercriminals can manipulate control systems, resulting in equipment malfunction, overloads, or failure of transformers, circuit breakers, and substations. This can cause physical damage to critical components such as turbines, generators and switchgear. Disruption of safety mechanisms can lead to large-scale failures or fires, causing further damage to infrastructure. Prolonged power outages can cause secondary damage, including failure of backup systems and equipment failure due to overheating. Repairs are expensive and time-consuming, and can lead to prolonged power outages, affecting large populations and industries.
There are many real-world examples of cyber attacks that are causing significant disruption across industries. In 2021, a cyberattack on a US fuel pipeline halted oil flows, while an attack on a German steel mill disrupted operations and caused severe damage to its blast furnace. In another case, a former hospital employee infected the facility's machines with malware, affecting heating, ventilation and air conditioning systems. The manipulation put patient safety at risk, underscoring the urgent need to address the specific risks of cyberattacks and insider threats in health care settings.
Consequences of these types of attacks include ransom payment; Loss of access to design tools on engineering workstations; loss of visibility through human-machine interfaces or alarm systems; loss of historical data; disruption of quality assurance systems; inaccessibility of analytical instruments; coordination of supervisory control and data acquisition (SCADA) functions; Inability to authenticate users; damage to reputation; and the compromise of smart infrastructure, autonomous systems, and real-time monitoring.
It is worth noting that non-malicious cyber incidents could also lead to physical consequences and business disruption, such as the global technology outage caused by a CrowdStrike software update in 2024.
a major uninsured liability
Despite the growing threat of physical harm from cyber attacks, physical cyber risk remains one of the largest uninsured liabilities on the balance sheets of many South African companies. A decade ago, coverage for physical cyber risks was often included in property insurance policies. However, as the insurance market has evolved, most existing property policies now exclude cyber-related risks.
The cyber insurance market has responded by introducing risk assessments and specialized products to close this security gap. These products are available either through exclusive buyback or on a positive basis, covering cyber-physical risks exclusively.
How to protect uninsured property from cyber risk
Marsh can help organizations protect themselves by conducting a comprehensive gap analysis of their property insurance programs to identify and address coverage gaps. We quantify the potential financial impact of cyber asset damage and business interruption risks, enabling clients to optimize insurance coverage and strengthen risk management strategies – including employee training and enhanced cyber tools and security controls.
With the current market favoring buyers, now is the ideal time to explore securing specialized cyber asset damage coverage to protect assets and operations. For more information please Contact your Marsh Risk Advisor.