Many believe that these utility companies are a “time bomb” for a digital attack.
According to a recent publication by Willis, a reinsurance broker, energy companies do not have cyber insurance against any type of digital attack, but that the threat level has currently reached that of a “time bomb” that could end up costing the industry billions of dollars if the right cybercriminal does come along.
The reinsurer used its annual review of the insurance market of the energy sector to underscore this vulnerability.
Within the annual review, Willis pointed out that the energy sector does not have any cyber insurance and made a call for insurers to find a way to be able to provide this coverage. The broker explained that the size of the catastrophe that could potentially occur is “on the same scale as…Exxon Valdez or Deepwater Horizon.” All of that could be caused by a digital attack. Moreover, it added that despite the fact that the disaster could be that large, coverage of that nature just doesn’t seem to be offered to the energy sector.
Cyber insurance would go far beyond the types of digital protection that the energy sector currently has.
The majority of insurance products that are available to energy companies are for comparatively smaller issues such as downtime caused by IT problems and challenges such as data losses. However, the protection does not extend to much larger events that could be caused by a cybercriminal, such as explosions occurring at more than one facility that has been triggered remotely. This, according to the Willis report.
It stated that the lack of this type of additional protection is the result of a clause that was worked into the insurance agreements throughout the majority of the energy sector throughout the last decade and that specifically excludes damage and loss that is the result of viruses, software, or other types of malicious digital code.
The report said that the most effective way to make sure that this coverage will be provided to energy companies throughout the industry would be to eliminate this exclusion and put cyber insurance back into place.