A power outage that left around 700,000 people in the Ukraine in the dark just before Christmas last year has been revealed as the first confirmed cyber attack on a national grid.
According to a report by broker and risk management firm JLT Speciality, it was a cyber attack on Ukrainian power company Prykarpattyaoblenergo that took out the grid, marking the first successful large-scale cyber attack on an electrical utility. This shows how important cyber security and insurance is, especially when cyber incidents can cause real-world damages.
Lloyd’s of London published a report last year that estimated the economic and insurance impacts of a severe yet plausible cyber attack against the US power grid. The scenario depicted the Northeastern US going dark, leaving 93 million people with no electricity. The economic impact is estimated to be anywhere from US$243bn to more than US$1tn, with insured losses from US$21.4bn, rising to US$71.1bn in the worst-case scenario.
Utility companies deliver vital services and hold a large amount of personal customer information, making cyber security a high priority. No security is impenetrable, so the industry should be prepared for more successful attacks in the future. In turn, brokers must review how cyber security risks are covered in their clients’ policies. Many policies have exclusions for cyber risks, but these risks can often be covered through separate cyber insurance policies.