Email:support@eranet.com WhatsApp:+(852)68882160

Energy firm cyber-defence is 'too weak', insurers say

  • Release time:2014-02-27

  • Browse:5964

  •   


    Energy bosses are getting increasingly worried about the risks posed by cyber attack

    Power companies are being refused insurance cover for cyber-attacks because their defences are perceived as weak, the BBC has learned.

    Underwriters at Lloyd's of London say they have seen a "huge increase" in demand for cover from energy firms.

    But surveyor assessments of the cyber-defences in place concluded that protections were inadequate.

    Energy industry veterans said they were "not surprised" the companies were being refused cover.

    "In the last year or so we have seen a huge increase in demand from energy and utility companies," said Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd's of London.

    The market is one of few places in the world where businesses can come to insure such things as container ships, oil tankers, and large development projects and to secure cash that would help them recover after disasters.

    Worried'
    For years, said Ms Khudari, Kiln and many other syndicates had offered cover for data breaches, to help companies recover if attackers penetrated networks and stole customer information.

    Now, she said, the same firms were seeking multi-million pound policies to help them rebuild if their computers and power-generation networks were damaged in a cyber-attack.

    "They are all worried about their reliance on computer systems and how they can offset that with insurance," she said.

    Any company that applies for cover has to let experts employed by Kiln and other underwriters look over their systems to see if they are doing enough to keep intruders out.

    Assessors look at the steps firms take to keep attackers away, how they ensure software is kept up to date and how they oversee networks of hardware that can span regions or entire countries.

    Unfortunately, said Ms Khudari, after such checks were carried out, the majority of applicants were turned away because their cyber-defences were lacking.

    "We would not want insurance to be a substitute for security," she said.

    What was not clear, she said, was why firms were suddenly seeking cover in large numbers.

    Although many governments had sent warnings about the threat from hackers, attackers and hacktivists to utility firms and other organisations running critical infrastructure, none had mandated them to get cover.

    "I think what's behind it is the increase in threats and the fact that a lot of these systems were never previously connected to the outside world," she said.

    Mike Assante, who helped develop cyber-security standards for US utilities and now helps to teach IT staff how to defend critical infrastructure including power networks, said it was "unfortunately not surprising" that insurers were turning away energy firms.

    Power generators and distributors had struggled with the complexity and size of the networks they managed, he said. In addition they had found it hard to find and recruit staff with the specialist skills to defend these systems, he added.

    "There have been a number of incidents that have caused company leaders

Search

Document