Energy Cybersecurity Insurance Forum Day 1: July 7th Keynote
With the ever-increasing number of cyberattacks on U.S. based organizations, the White House is actively moving to build preventative infrastructure. Previously, the Biden Administration has released a cyber memo, as well as a significant allotment in their infrastructure plan. In response to this, the Axio team is working to enable better cyber risk management for the electric industry. On July 7-8, several representatives from governmental bodies, service providers, and cybersecurity agencies convened in a two-day cybersecurity insurance forum put together by the Axio senior management team. Opening remarks from the Department of Energy and three keynotes framed the event and the problem space.
We Aren’t Set Up to Protect Infrastructure Effectively
The opening keynote was delivered by Puesh Kumar, the Acting Principal Deputy Assistant Secretary (PDAS) for the US Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Subsequently, three more keynotes were delivered by Jim Trainor, Senior Vice President of Aon Cyber Solutions, Constance H. Lau, President and CEO of Hawaiian Electric Industries, and Representative Jim Langevin of the Rhode Island 2nd Congressional District.
Throughout their discussion, the four spoke about the effects of the ongoing cyberattacks and came to some key takeaways:
- The energy sector is integral to all other critical infrastructure sectors, and better early detection of threats is needed
- Government actions are needed to construct more consequences for cyber attackers and expand the Terrorism Risk Insurance Act (TRIA)
- Rapidly rising insurance rates for both property and cyber coverages are an area of concern.
- Emphasizing the disconnect between small-dollar cyber insurance policies vs massive risks of critical infrastructure failures
The Importance of the Energy Sector
The overarching message of the forum is the utter importance of the energy industry. If the energy sector is attacked and goes down, much of society comes to a standstill. With that in mind, better early detection of threats is needed, and more effective shared situational awareness can only aid the fight of addressing the risk successfully.
Government help is also required through various mechanisms. The full panel advocated for much stronger consequences for cyber attackers, as well as an evolution of the Terrorism Risk Insurance Act. This evolution should result in a greater availability of capital for risk transfer options. A further responsibility is a continued collaboration through information sharing with the other relevant sectors.
The Status of Energy Insurance
Another point that was discussed was the rapidly increasing rates for property and cyber coverages. Cyber coverage for physical damage is limited at best but is crucial for many organizations. Further, when it is available, much of it is written using broad war exclusion language, which also constrains property coverage.
The final key talking point discussed by the forum was that cyber insurance policies are small dollar in comparison to the massive risks that come with the disruption of critical infrastructure functions, one of those being the generation and transmission of electric power. As it stands today, the panel agreed that cyber insurance will not help recover, or prevent, a widespread takedown of the power grid.
Cyber Insurance Has Potential
While the current state of cyber insurance may make it difficult to combat a successful cyber-attack, there is potential for the insurance sector to be a huge player in preventing the future spread of cyber-attacks. With access to internal data, security choices, and other organizational decisions focused on cyber protection, the insurance industry can be instrumental in building a robust data sharing pipeline about cyber posture, threats, costs, and consequences.
At Axio, we’re committed to working with leaders in insurance, electricity, and cybersecurity sectors to help end this cyberattack scourge and protect critical infrastructure. Stay tuned for the next blog post, as we summarize panel discussions on Day 2.
If you’d like to learn more about the Axio360 platform, you can register for our free tool to improve your cybersecurity posture.