Return of the Guru

Stuxnet Poses Potentially Disastrous Problems for Insurers

Ara Trembly
Insurance Experts' Forum, October 5, 2010

It seems the term “collateral damage” has become a household word these days, with almost daily news of military strikes in places like the Middle East that not only take out their intended targets, but also do some harm to unintended victims.

It’s almost a fact of life now that, to use the common euphemism, if one wants to make an omelet, one must break a few eggs. The latest example of this is Stuxnet, a powerful computer worm that is designed to derail industrial systems, targeting Windows PCs that oversee industrial-control systems at power plants, factories, pipelines and military installations.

According to Newsweek, the worm has been found in Iran’s Bushehr nuclear plant. Symantec estimates that more than 60,000 computers in Iran have been infected by the worm, which is the highest rate of any country in the world—a fact that’s led computer analysts to conclude Stuxnet was created by a foreign government, the Newsweek report says. If disrupting Iran’s nuclear effort was the goal, the worm seems to have been successful, with Iran officials reporting that the nuclear plant’s operations would be delayed by two months.

While I’m not feeling any pain about Iran not having nuclear weapons capabilities, many others around the world are feeling pain as it seems the worm has spread far beyond its intended target. This is serious stuff. According to one Internet report, the Stuxnet worm is a “groundbreaking” piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that security experts are indeed convinced that it was created with the resources and cooperation of a major government.

Without getting into the gory details, it looks like this virus has gotten into a lot of systems that control vital functions, like the flow of oil or the delivery of power to cities and nations. I’m not aware of any major blowups yet, but one has to wonder whether, even now, these facilities aren’t furiously working to cleanse their systems or to prevent infections.

This is a development that should be of huge concern to any insurer who offers protection to these now vulnerable facilities. It should be clear by now that such destructive efforts will undoubtedly be duplicated in the days and months to come, and that a war is being fought on and through computer systems. The trick for uninvolved parties is to remain out of the line of fire. If they do sustain damage, however, insurers will likely be left holding the bill.

Insurance and financial services are already becoming a more attractive target for cybercriminals, as I mentioned in a previous blog. Yet doing significant damage to an insured facility, rather than to the carrier itself, could be just as catastrophic as a direct hit for the insurers involved.

And here’s another cheerful thought: Stuxnet may not have been created by the world’s criminal syndicates, but now that it’s out there, they can surely replicate it and use it, perhaps as a tool for extortion.

Now is the time for insurers to insist on due diligence on security for their commercial insureds. Maybe our industry can hide behind “act of war” clauses when losses are sustained, but it remains to be seen whether or not malware has the same status as bullets and bombs in our courts.

A new era is dawning, and the promise is for more trouble to come.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Wearables Poised to Reshape Insurer-Insured Relationship

Boosted by the impending release of the Apple Watch, wearable devices have received a fair amount of attention recently – and with good reason. This emergent technology has the potential to alter the way the health insurance industry operates on a fundamental level.

Core Transformation – The Ultimate Balancing Act

The core transformation journey requires companies to shift from reactive to proactive business models, incorporating maturing and emerging technologies, customizing and personalizing products, and accelerating speed to market while providing improved customer service.

Despite Valiant Efforts, Insurers' Consumer Ratings Drop

Insurers also are confronting waves of disruptive changes, including big data analytics, an aging population, ongoing economic uncertainty and the growing frequency and severity of natural disasters, which threaten to challenge and undermine businesses.

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

The Apple Bounce: Are Wearables Truly this Big?

I just don’t believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novarica’s last study on these topics.