Who says the digital world and the physical one are separate?
On Wednesday, AIG announced it's expanding cyber insurance offering to cover property damage and bodily injury. It's a watershed moment. A major insurer is saying the virtual and corporeal are now, in some cases, one and the same.
In a statement, AIG(AIG) acknowledged the closing gap.
"Cyber risk goes well beyond data privacy concerns covered by stand-alone cyber insurance offerings prevalent in the market," said Tracie Grella, who leads AIG's professional liability division. "The physical risk of a cyber attack or cyber event to property and people is very real."
The nation's critical infrastructure of utilities -- power plants, water treatment centers, dams, etc. -- runs on cyber platforms. Much of it is Internet-accessible.
The best proof that cyber hacks lead to physical damage actually comes from a U.S. offensive. The United States famously dealt a serious setback to Iran's nuclear ambitions with a cyberattack called Stuxnet that made many of the nation's centrifuges spin out of control.
The repercussions of a cyber-to-physical hack could be fatal. A dam told to ignore pressure readings could burst. A power plant taken offline could pull the plug on hospitals.
Hackers control car's steering and brakes
And on a personal level, consider how our cars are essentially computers at this point. The average car has 50 or more microprocessors inside of it. And recent research has shown they're just as hackable as our PCs. If something goes wrong on the highway, it's not like a malfunctioning app you just close. Your life is at risk.
Cybersecurity insurance is a relatively new phenomenon. It's a hedge against getting hacked, which is now seen as an inevitability.
It makes sense to insure against data breaches, because the cost of those incidents is increasing. Between 2011 and 2012, Ponemon saw the average cost of a data breach in the United States rise from $188 per-person to $194. If a massive database with thousands of names gets lost, that quickly gets multiplied.
The damage in all those cases is monetary: thieves make fraudulent purchases, customer financial data is exposed and credit cards must be reissued. Target told senators it's investing $100 million to upgrade to a more advanced credit card system to avoid a repeat of last year's debacle.
But physical damage is seen as the next big liability. AIG didn't come up with this idea on its own. The company said it's responding to concerns from power plants, oil companies and hospitals.