grid imageCyberattacks are occurring with greater frequency and severity, and could have enormous impacts on huge swaths of the highly interconnected electric grid. Despite the serious risks posed by cyber attacks, insurance coverage for utility companies is often not comprehensive or too expensive, as reported by a recent EnergyWire article. The article goes on to explain that this is “partly because insurance underwriters have had trouble fleshing out risk assessments with hard numbers. Utilities are tight-lipped about their cyber vulnerabilities for fear of legal repercussions (and exposing themselves to new threats).”

The Department of Homeland Security’s Cybersecurity Insurance Workshop Readout Report explains that insurance will promote cybersecurity by “encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.” In other words, reduced insurance premiums for investments in greater protection could incentivize utilities to invest in more protective measures.

Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, and a panelist on a Bloomberg Government panel discussion on the topic of cybersecurity, mentioned that the value of insurance would be in harnessing market forces. Similarly, a recent report by The Bipartisan Policy Center’s Electric Grid Cybersecurity Initiative offers recommendations for how government and industry can protect the North American electric grid from cyber attacks. The report states that “a more robust insurance market for cyber risks would help to foster the adoption of cybersecurity best practices while reducing the potential costs of a cyber event for individual companies.” However, improving insurance is just one of many potential solutions to the complex challenges posed by cyber threats.

Can more comprehensive insurance help improve grid vulnerabilities and provide protection against cyber attacks? What approaches, if any, should government and industry take to overcome the information and data sharing challenges that stand in the way of more robust cybersecurity insurance?

Additional Resources: