Analysis by predictive cyber risk modelling firm Kovrr has warned of the potential for a multi-billion dollar loss to the re/insurance industry stemming from a recently discovered vulnerability in the IoT operating system of a major security company.
Kovrr modelled two scenarios in which attackers exploit the URGENT/11 exposure in VxWorks, which is embedded in over 2 billion devices worldwide.
The first, which looked at a hacktivist sabotage attack on a global car manufacturer in the US, estimated that insured losses could reach $7.3 billion, assuming the company had sufficient coverage to absorb the full costs of the attack.
In the second scenario, Kovrr modelled how a malicious attack exploiting URGENT/11 vulnerabilities could cause a widespread ransomware attack that results in partial business interruption for 700 US manufacturers.
In this case, analysis suggested that economic losses could reach $18.7 billion, of which $13.0 billion would likely be covered by the re/insurance industry.
Kovrr noted that the vulnerabilities found in VxWorks are a clear example of how a single point of failure, such as a common operating system, can lead to a large loss or systemic cyber…
