2014-03-04
Abstract
Energy and utility companies are being turned down when requesting insurance cover for cyber attacks because their defences are perceived to be too weak.
Copyright © 2014 Virus Bulletin
According to the BBC, energy and utility companies are being turned down by insurance firms when requesting insurance cover for cyber attacks because their defences are perceived to be too weak.
Underwriters at specialist insurance market Lloyd’s of London told the BBC that there has been a huge increase in demand for cover from energy firms over the last year or so – but that in the majority of cases, cover is being refused as assessors are finding that the firms’ IT security defences, policies and procedures are inadequate.
It has long been common for insurance firms to offer businesses cover against data breaches – for example to aid in their recovery in the event of their networks being penetrated and customer data stolen. Recently, however, there has been a significant rise in the number of power companies applying for multi-million-pound policies to cover them against damages caused by a cyber attack.
Clearly, the perception of the insurance assessors is that, in the majority of cases, firms are placing too much emphasis on transferring the risk to insurers, rather than paying enough attention to risk mitigation. It is to be hoped that the companies that have been refused insurance cover will revisit their cybersecurity policies and procedures and focus on strengthening the protection they have in place – using insurance cover as a means to transfer the remaining risk, rather than as a substitute for a robust security programme.
