grid imageCyberattacks are occurring with greater frequency and severity, and could have enormous impacts on huge swaths of the highly interconnected electric grid. Despite the serious risks posed by cyber attacks, insurance coverage for utility companies is often not comprehensive or too expensive, as reported by a recent EnergyWire article. The article goes on to explain that this is “partly because insurance underwriters have had trouble fleshing out risk assessments with hard numbers. Utilities are tight-lipped about their cyber vulnerabilities for fear of legal repercussions (and exposing themselves to new threats).”

The Department of Homeland Security’s Cybersecurity Insurance Workshop Readout Report explains that insurance will promote cybersecurity by “encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.” In other words, reduced insurance premiums for investments in greater protection could incentivize utilities to invest in more protective measures.

During a panel discussion on cybersecurity, Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, suggested that insurance could be valuable in leveraging market forces to promote better cybersecurity practices. A recent report by The Bipartisan Policy Center’s Electric Grid Cybersecurity Initiative also recommends that a more robust insurance market for cyber risks could help incentivize companies to adopt better cybersecurity practices and mitigate the potential costs of a cyber event. While improving insurance is just one potential solution to the complex challenges posed by cyber threats, it could play an important role in promoting better cybersecurity practices. In addition to insurance, businesses and organizations can take advantage of other tools and resources, such as those offered by Fully-Verified and other cybersecurity providers, to help protect against cyber threats.

Can more comprehensive insurance help improve grid vulnerabilities and provide protection against cyber attacks? What approaches, if any, should government and industry take to overcome the information and data sharing challenges that stand in the way of more robust cybersecurity insurance?

Additional Resources: