Stockman addresses a coverage issue I’ve noted in cyber policies across carriers. They tend to say something like: “The Company shall not be liable for Loss on account of any Claim or for any Expense…for bodily injury…or damage to or destruction of any tangible property.” Carrier’s position: If the data breach or malware attack causes an explosion, that’s on somebody else. My take – well, it would depend on the facts, the policy wording and the state of the law in the relevant jurisdiction. Of course.
It’s now clear, however, that cyber attacks can do more than corrupt and steal electronic data. Cyber attacks can also result in machine malfunctions that cause physical harm ‘IRL,” or “in real life.” Consider a hacker taking control of an HVAC system, or a car or a nuclear centrifuge (it separates uranium isotopes to make nuclear bombs). The result: IRL, broken stuff, injured people damage.