When Jaguar Land Rover suffered a cyber-physical incident in August 2025, the six-week shutdown of their UK plants generated a £1.9 billion economic impact across 5,000 organisations. Their insurance coverage: £25 million. The UK government had to step in to prevent widescale bankruptcies.
This isn't an edge case. It's a preview of what the Protection Gap looks like at scale — and it's sitting, largely invisible, on the balance sheets of industrial operators worldwide.
At S4x26, Neil Arklie — 30-year insurance professional and formerly of Lloyd's of London — explains exactly why OT cyber risk remains largely uninsured, and what both industries need to do to fix it. Watch the full session below.
If you'd like a structured summary of Neil's arguments before or after watching, here's what the session covers.
The traditional cyber insurance market — built around IT liability and breach response since 1999 — is now a $16 billion global market. The OT cyber-physical damage market is estimated at under $200 million. Less than 1.3% of the size, for a risk category that can generate losses an order of magnitude larger, as JLR demonstrated.
Cyber policies — designed for IT environments — typically exclude property damage. Property and energy policies typically exclude cyber events unless a specific malicious cyber attack extension is in place. OT risk sits in the gap between the two, with no policy type cleanly designed to cover it.
After Hurricane Andrew in 1987, the insurance industry rebuilt its property catastrophe models from scratch — collecting data down to zip code level, understanding construction types, modelling loss scenarios. Today, insurers can price every building on the Miami skyline. Neil's argument is that OT needs the same investment: standardised asset data, cyber-to-physical scenario mapping, and richer incident-loss reporting.
Insurance-linked securities (ILS) markets and institutional capital are actively looking for diversified exposure away from traditional asset classes. OT cyber-physical risk is an attractive diversifier. The capital exists and wants to flow — but for it to do so, OT risk data needs to be standardised into a form that can travel through the insurance value chain and be priced by reinsurers and capital markets.
DeNexus provides OT cyber risk quantification solutions that translate industrial cyber exposure into the language of insurance underwriting. We help industrial operators measure, communicate, and transfer their OT cyber-physical risk — enabling the data flow that makes meaningful insurance limits possible.