Following the cyber attack this month on Colonial Pipeline that disrupted the fuel supply in the United States, energy companies of the country are now rushing to purchase more cyber insurance.
The companies however will potentially have to pay more because a slew of ransomware attacks have prompted more cyber insurers planning to hike rates.
The largest fuel pipeline network in the United States was forced to be shut down for a number of days because of the ransomware attack on Colonial on May 7. That severely disrupted supply of fuels to most parts of the East Coast of the country. Electronic networks are at the heart of pipeline companies which makes them vulnerable to additional attacks that can disrupt delivery of crude oil or other fuels.
According to reports quoting insurance companies and brokers, cyber insurance premiums are being planned to be increased by 25 per cent to 40 per cent across many industries by insurers because of the increase in the incidents of cyber attacks. But since the Colonial attack exposed the vulnerabilities of the energy companies to cyber attacks, resulting in exposing insurers to losses, energy companies should expect to see the hoke towards the upper range of the spectrum.
Nick Economidis, vice president of cyber liability at insurer Crum & Forster said that cyber insurance is currently bought only by about half of the pipeline companies of the US even while there has been a significant increase in the number of cyber attacks.
“Since the Colonial outage, submissions from energy companies are up across the board,” said Economidis, adding that calls for insurance had started to come to him the very day that the Colonial cyber attack took place.
There have also been a large number of calls from energy companies in recent weeks at the Houston office of Lockton Companies, said Anthony Dagostino, cyber insurance broker at the company.
“Before the attack, the energy sector had some of the lowest interest in purchasing cyber insurance of all industries, but in the past two weeks, now they’re very interested,” Dagostino said.
Earlier this week, the US Department of Homeland Security said that strengthening their protection against cyber attacks was being ensured by regulators and pipeline companies. Moody’s Investors Service said in a May 10 report that the energy industry’s “cyber risk management and mitigation practices are not as advanced” on comparison to other major sectors such as banking or real estate which has raised elevated the risk of successful cyber attacks.
Moody’s said that since it is not easy to reroute fuel supply, therefore compared with other companies in the energy sector, the working of the pipeline sector can be damaged to a much greater extent by cyber attacks. It added that use of digital technologies to manage delivery has been increased by the pipeline operators.
According to a report from the Government Accountability Office, a federal watchdog, high premiums and difficulties in quantifying the costs from incidents have prevented many pipeline companies and other companies in the energy sector from purchasing cyber insurance.
“A lot of operators have not done the business impact assessments that banks and big retailers do to determine overall costs of being down for a certain period of time,” said Dagostino.
(Adapted from Investing.com)