Cyberattacks are occurring with greater frequency and severity, and could have enormous impacts on huge swaths of the highly interconnected electric grid. Despite the serious risks posed by cyber attacks, insurance coverage for utility companies is often not comprehensive or too expensive, as reported by a recent EnergyWire article. The article goes on to explain that this is “partly because insurance underwriters have had trouble fleshing out risk assessments with hard numbers. Utilities are tight-lipped about their cyber vulnerabilities for fear of legal repercussions (and exposing themselves to new threats).”
The Department of Homeland Security’s Cybersecurity Insurance Workshop Readout Report explains that insurance will promote cybersecurity by “encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.” In other words, reduced insurance premiums for investments in greater protection could incentivize utilities to invest in more protective measures.
Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, and a panelist on a Bloomberg Government panel discussion on the topic of cybersecurity, mentioned that the value of insurance would be in harnessing market forces. Similarly, a recent report by The Bipartisan Policy Center’s Electric Grid Cybersecurity Initiative offers
Can more comprehensive insurance help improve grid vulnerabilities and provide protection against cyber attacks? What approaches, if any, should government and industry take to overcome the information and data sharing challenges that stand in the way of more robust cybersecurity insurance?
- Framework for Improving Critical Infrastructure Cybersecurity
- Hacks on Gas: Energy, Cybersecurity, and U.S. Defense
- Roadmap to Achieve Energy Delivery Systems Cybersecurity
- Cybersecurity for State Regulators
- Cybersecurity: Challenges in Securing the Electricity Grid