Skip to main content
Marsh logo

Article

Cyber physical risk and property damage: A significant liability for South African companies

As cyber threats become increasingly sophisticated and frequent, South African businesses face escalating risks — not only to their data but also to their physical assets and operational continuity.

13/03/2026

As cyber threats become increasingly sophisticated and frequent, South African businesses face escalating risks — not only to their data but also to their physical assets and operational continuity. While automation and digitalisation bring opportunities for growth and efficiency, they also introduce new vulnerabilities, including the risk of physical damage and business interruption caused by cyberattacks.

Many organisations underestimate these threats and find themselves uninsured or underinsured, as traditional insurance policies often fall short of providing comprehensive coverage for these incidents. To protect themselves, businesses must adopt customised insurance solutions alongside robust risk mitigation strategies that specifically address cyber-related property damage and business interruption.

How a cyberattack can cause physical damage

Cyberattacks targeting operational technology (OT) are impacting a growing number of organisations across every sector. It’s no longer a matter of if, but when, as these attacks have become commonplace. According to one estimate, in 2024 the number of sites globally experiencing physical operational impairments due to cyberattacks surged by 146%, rising from 412 in 2023 to 1,015. Most of these attacks impacted multiple physical locations. The following examples demonstrate how threat actors can cause physical damage to different types of organizations:

Cyberattack at a mine

A cyberattack on a mine can disrupt critical safety systems, such as gas detectors, ventilation controls, and emergency shutdown mechanisms. These operational disruptions may allow hazardous conditions to go unnoticed, increasing the risk of accidents or injuries. Communication systems may also be compromised, delaying emergency responses or evacuations. Furthermore, production processes are vulnerable — attacks targeting operational technology like automated drilling equipment, conveyor belts, or processing systems can lock operators out or manipulate data, causing costly downtime, operational inefficiency, or even equipment damage.

Cyberattack at a manufacturer

In manufacturing, cyberattacks can target equipment, critical infrastructure, and management systems, potentially halting production entirely. Malicious code may manipulate or disable control systems that operate machinery, leading to mechanical failures or malfunctions. Environmental control systems regulating temperature and humidity can also be disrupted. Safety systems may be compromised, increasing the risk of accidents if monitoring or emergency controls are tampered with or disabled. These disruptions can lead to substantial financial losses due to lost output and repair costs.

Cyberattack on a power grid

Cyberattacks on electricity grids can target the physical infrastructure, smart buildings, and control systems responsible for power generation, transmission, and distribution. Cybercriminals can manipulate control systems, resulting in equipment malfunctions, overloads, or failures in transformers, circuit breakers, and substations. This can cause physical damage to critical components such as turbines, generators, and switchgear. Disruption of safety mechanisms may trigger cascading failures or fires, further damaging infrastructure. Prolonged outages can cause secondary damage, including degradation of back-up systems and equipment impairment due to overheating. Repairing this damage is costly and time-consuming, potentially leading to extended power outages that impact large populations and industries.

There are numerous real-world examples of cyberattacks causing significant disruption across various industries. In 2021, a cyberattack on a US fuel pipeline halted oil flow, while an attack on a German steel mill disrupted operations and caused severe damage to its blast furnace. In another case, a former hospital employee infected the facility’s machines with malware, compromising the heating, ventilation, and air conditioning (HVAC) system. This manipulation endangered patient safety, underscoring the urgent need to address the specific risks of cyberattacks and insider threats in healthcare settings.

The consequences of these attacks included:

  • Payment of a ransom
  • Loss of access to design tools on engineering workstations
  • Loss of visibility through human-machine interfaces (HMI) or alarm systems
  • Loss of historical data
  • Disruption of quality assurance systems
  • Inaccessibility of analytics tools
  • Compromise of supervisory control and data acquisition (SCADA) functions
  • Inability to authenticate users
  • Reputational damage
  • Compromise of smart infrastructure, autonomous systems, and real-time monitoring, and other information systems

It is worth noting that physical consequences and business interruption can also arise from non-malicious cyber events, such as the global technology outage triggered by the CrowdStrike software update in 2024.

Physical cyber risk: A major uninsured liability

Despite the rising threat of physical damage caused by cyberattacks, physical cyber risk remains one of the most substantial uninsured liabilities on the balance sheets of many South African companies. A decade ago, coverage for physical cyber risk was often included within property insurance policies. However, as the insurance market has evolved, most existing property policies now exclude cyber-related risks.

The good news is that the cyber insurance market has responded by introducing risk assessment and specialised products to close this protection gap. These products are available either through exclusionary buybacks or on an affirmative basis, specifically covering cyber physical risk.

How to protect uninsured property cyber risk

Marsh can help you safeguard your organisation by conducting a comprehensive gap analysis of your property insurance programmes to identify and address any coverage gaps. We quantify the potential financial impact of cyber property damage and business interruption risk. This enables you to optimise your insurance coverage and strengthen risk management strategies, including employee training and enhancement of cyber tools and security controls.

With the current market favouring buyers, now is an ideal time to explore securing specialised cyber property damage coverage to protect your assets and operations.

For more information, please contact us

Contact us

Our people

Ben Wilmot-Sitwell

Ben Wilmot-Sitwell

Cyber Growth Leader, South Africa

  • South Africa