Managing Industrial Control Systems Security Risks for Cyber Insurance (Dagstuhl Seminar 21451)

Authors Simon Dejung, Mingyan Liu, Arndt Lüder, Edgar Weippl and all authors of the abstracts in this report

Thumbnail PDF


  • Filesize: 2.47 MB
  • 21 pages

Document Identifiers

Author Details

Simon Dejung
  • SCOR - Zürich, CH
Mingyan Liu
  • University of Michigan - Ann Arbor, US
Arndt Lüder
  • Otto-von-Guericke-Universität Magdeburg, DE
Edgar Weippl
  • University of Vienna & SBA Research - Wien, AT
and all authors of the abstracts in this report

Cite AsGet BibTex

Simon Dejung, Mingyan Liu, Arndt Lüder, and Edgar Weippl. Managing Industrial Control Systems Security Risks for Cyber Insurance (Dagstuhl Seminar 21451). In Dagstuhl Reports, Volume 11, Issue 10, pp. 36-56, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


Industrial control systems (ICSs), such as production systems or critical infrastructures, are an attractive target for cybercriminals, since attacks against these systems may cause severe physical damages/material damages (PD/MD), resulting in business interruption (BI) and loss of profit (LOP). Besides financial loss, cyber-attacks against ICSs can also harm human health or the environment or even be used as a kind of weapon. Thus, it is of utmost importance to manage cyber risks throughout the ICS’s lifecycle (i.e., engineering, operation, decommissioning), especially in light of the ever-increasing threat level that is accompanied by the progressive digitization of industrial processes. However, asset owners may not be able to address security risks sufficiently, nor adequately quantify them in terms of their potential impact (physical and non-physical) and likelihood. A self-deceptive solution might be using insurance to transfer these risks and offload them from their balance sheet since the underlying problem remains unsolved. The reason for this is that the exposure for asset owners remains and mitigation measures may still not be implemented adequately while the insurance industry is onboarding unassessed risks and covering it often without premium and without managing the potential exposure of accumulated events. The Dagstuhl Seminar 21451 "Managing Industrial Control Systems Security Risks for Cyber Insurance" aimed to provide an interdisciplinary forum to analyze and discuss open questions and current topics of research in this area in order to gain in-depth insights into the security risks of ICSs and the quantification thereof.

Subject Classification

ACM Subject Classification
  • Security and privacy → Economics of security and privacy
  • Social and professional topics → Information system economics
  • industrial control systems
  • security
  • cyber insurance
  • cyber risk quantification
  • production systems engineering
  • risk engineering
  • Industry 4.0


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail