Canada’s energy sector is a very big deal; the sector produced more than $57.4 billion in gross domestic product in Q1 2022 – 9.1% of Canada’s total GDP, according to the Canadian Centre for Energy Information.
And yet, the sector is also faced with equally huge problems. Whether it is about their cybersecurity being breached by state-sponsored hackers in light of current geopolitical tensions, or dealing with the insurance market’s increasingly limited capacity as environmentalists call for a drop from fossil fuels, the energy sector is tied up with a lot of issues.
NFP appointed Robert Scherer as senior vice president in September, joining the brokerage’s Complex Risk Solutions Group. With nearly two decades of risk assessment and loss prevention experience in the energy sector, Insurance Business approached Scherer for his insights into the current state of Canada’s energy space.
What are your responsibilities as SVP at NFP's Complex Risk Solutions Group?
It’s a multi-faceted role centred on developing business, supporting the growth of personnel and the business unit, and promoting the NFP brand.
Can you give me an overview of where the energy industry in Canada currently stands?
There are several key topics that are influencing the energy industry including the rapid expansion of alternative and renewal energy options, e.g., solar, wind, geothermal, hydrogen etc. In this transition, Canada is the only country in the world at both the top of oil reserves (behind Saudi Arabia and Venezuela) and consolidated ESG scores (behind Norway and Denmark). Our energy industry is leading the technological development necessary to achieve a net zero barrel.
How prepared is Canada's energy sector against the threat of state-sponsored cyberattacks?
Canada’s energy sector has experienced a few high-profile cyberattacks, similar to the Colonial Pipeline event in the USA, and such attacks have put cyber at the forefront of board discussions.
Energy companies have invested in both their Information and Operational Technology networks to mitigate the cyber threat through investments in Multi-factor Authentication (MFA), End Point Detection (EPD), encryption backups, and phishing training, among others. While the threat is real, the energy sector is taking proactive measures to alleviate the exposure as part of its broader Enterprise Risk Management strategies.
And how can insurance help?
Cyber liability insurance offers more than just the limits and terms of conditions of the policy wording. It affords coverage and the benefit of pre- and post-incident response by consultants armed with experience and best practices. Cyber insurance has been a key risk mitigation option that Energy companies increasingly pursue.
Cyber policies also provide companies the additional benefit of obtaining consultation on how to source and pay potential claims with Bitcoin and various other cryptocurrencies, a situation more companies are needing to solve for and are otherwise unable to do on their own.
Strikingly, although major ransomware events draw most of the headlines when it comes to Cyber Liability related events, human error on behalf of employees remains one of the leading causes of cyber losses. Companies that utilize the proactive services available through their cyber insurance programs, such as educating their staff, benefit from not only a lower overall exposure but lower cyber premiums because of these improvements.
In addition, cyber coverage on operational property policies remains a key discussion item where insurers have significantly reduced or eliminated cyber altogether from their wordings. Property insurers effectively excluded all losses resulting from the introduction of a virus, whether maliciously or by accident.
Up until about 2 or 3 years ago, we were mostly able to get the LMA2915 cyber exclusionary endorsement, which has the give back for resultant damage from fire or explosion as a result of the introduction of the virus. When the market was at its softest, we expanded this list of perils, which was a huge win. As the market turned harder, underwriters pushed back on this, and coverage continued to narrow.
Achieving the LMA2915 is rare now and most markets are asking for the LMA5401 cyber exclusionary endorsement, in which there is no write back for any resultant damage following a cyber incident and there is no coverage for data loss caused by a physical peril such as fire, explosion, storm etc.
Until our recently announced coverage solution, we often settled on the middle ground at the LMA5400 (slightly less restrictive than the LMA5401 as it gives back fire or explosion but only from a Cyber Incident, which is an accidental or operational error resulting in a cyber loss). NFP’s complex risk team can now offer clients a wrap solution that fills this cyber coverage gap through a bespoke solution with a key trading partner.
Apart from cyber, what other major risks post-pandemic are energy companies facing right now?
Withdrawal of capacity for companies centred in the oil sands is a major risk that energy companies are facing now. Over a billion dollars in capacity has been removed from the marketplace over the last four years. On the surface, this directly impacts the oil sands producers but underneath, the indirect consequences across the energy industry in Canada and all the supporting industries particularly found in Alberta are monumental.
New corporate workforce reality balancing employees desire to have flexible work arrangements is affecting all companies. Regulatory uncertainty in Canada is often discussed as the industry has the current capability to increase supply to Europe and other key trading partners to provide an alternative to Russian natural gas and oil but is not afforded the regulatory support to do so.