Converged IT & OT Environments Present a New Attack Surface
The U.S. Department of Homeland Security has recently established the Cybersecurity and Infrastructure Security Agency (CISA). The very name implies the connectedness of Information Technology (IT) and Operations Technology (OT).
There has been an increase in claims against cyber policies due to lost data as well as the operational losses arising from breaches. This could include down-time, data regeneration, customer notifications etc. In a converged IT/OT environment, you may need to rethink the approach to insurance and not segregate cyber from other business operations coverage. For example, the impact of tainted products put into a marketplace from an “attacked” manufacturing line could include recalls, repairs, replacement and substantial valuation reduction.
The New York Law Journal has an excellent article framing how the changes deriving from IT/OT convergence require everyone to take a fresh look at legal and regulatory norms that have stood for decades.