In December 2015, parts of western Ukraine were thrust into darkness thanks to an unprecedented cyberattack against Ukrainian energy providers. Power outages, thought to be triggered by spear-phishing malware BlackEnergy, left 225,000 customers disconnected.
North American energy providers are yet to fall prey to such an attack, but the threat remains very real. It’s now widely accepted that the energy sector is a prime target for cyberattacks, explained Jodi Davenport, class underwriter, Onshore / Downstream Energy, ArgoGlobal.
“Cyber exposure has become a key topic in almost all lines of insurance, whether you write onshore energy, property, marine and so on,” Davenport told Insurance Business. “The question is: how exactly is the evolving cyber threat going to affect onshore energy?
“So far, there haven’t been any huge incidents or claims for the North American market to deal with. It remains untested, so until something happens, cyber risk in the onshore energy markets is uncharted territory.”
Another factor complicating that “uncharted territory” is innovation in the energy markets and the global dependence upon the energy markets to feed technology-centric communities and industries. The growing prevalence of things like smart energy grids, the Internet of Things, and the growth of renewable energy could all increase cyber exposures in the energy sector.
“We need to keep up the discussion around cyber risk. There have been lots of publications, media attention, conferences, and I would say most insurers are tuned into the threat. Our task now is to ensure that insurance distributors and consumers are also aware of the potential risks,” said Davenport.
“It’s very difficult because the industry hasn’t really been tested to any great level. At ArgoGlobal, we discuss cyber exposure with our energy clients and help them to manage their exposures. To a certain degree, it’s also down to the individual companies to take responsibility of their risk. Cyber exposure is certainly not going away any time soon.”