Most business leaders and risk management professionals would accept the premise that the world has become a much more complicated, interconnected place. The insurance industry in the UK, for example, has for understandable reasons been largely been pre-occupied in 2014 by the damage caused to lives and livelihoods by floods.
Meanwhile, insurers more widely remain focused on property damage and its responses. They remain so much conditioned by natural catastrophe models that everything else doesn’t really register. While flood news has dominated, however, a chilling and timely news story appeared on the BBC recently, which demonstrated how important it is for Underwriters to remain focused on their connected specialty insurance exposures. The story, which was picked up after a note was released by Lloyd’s of London Underwriter Kiln, outlined how energy bosses are getting increasingly worried about the risks posed by cyber-attack.
According to the BBC story [Source: BBC], power companies are being refused insurance cover for cyber-attacks because their defences are perceived as weak, while Underwriters at Lloyd's of London explained they had seen a "huge increase" in demand for cover from energy firms but surveyor assessments of the cyber-defences in place concluded that protections were inadequate. "In the last year or so we have seen a huge increase in demand from energy and utility companies. I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected [our italics] to the outside world” said Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd's of London.
The key word here is “connected.” The news about the energy companies reflects a wider concern about cyber exposures more generally and the impact on business interruption. As Power generators and distributors struggle with the complexity and size of the networks they manage, they find it hard to find and recruit staff with the specialist skills to defend these systems.
Financial pressures and the ability to manage systems remotely are inadvertently giving attackers a loophole they can slip through, says Nathan McNeill, chief strategy officer at remote management firm Bomgar. He says that; “Trying to cut costs by linking up plant and machinery to a control centre so they could be managed remotely meant those systems were effectively exposed to the net. If something has basic connectivity then it will become internet connectivity through some channel," he said.
But how can power companies mitigate their expsosures? Read Thursday’s blog to find out.