Threats to cyber security extend far beyond personal data.
Cyber security is much more than safeguarding the personal data of credit card holders. Data breaches occur when people lose their laptops or have them stolen; or when personal and corporate communications systems are infected by malware and ransomware. Breaches also involve hospitals that gather and store the health information of patients. Most people have a glancing knowledge of these facts. What goes largely unnoticed are the effects cyber events can have on manufacturing facilities and large-scale energy-producing infrastructure such as power plants, pipelines and electricity grids.
Symposium panelists did an excellent job of quantifying the effects of these events on energy supply chains in North America. When hackers infiltrate and disrupt the workings of an element of these chains, the damage can be enormous to property, revenues lost to interruption of operations, and even workers, whose health and safety is jeopardized. Cyber events also have a cascading effect on businesses down-stream, such as manufacturers, whose plants and assembly lines are at risk of grinding to a halt. The financial losses associated with such disruptions can be substantial, meaning these companies require insurance coverage to protect them if and when disruptions to their operations occur because of cyber attacks. Not to mention the potentially catastrophic pollution that might result from a breakdown along the energy supply chain as a result of a cyber event.
Cyber events that affect the energy supply chain also have cascading impacts on businesses down-stream, including operational disruptions, revenue losses, pollution and injuries to workers.
Compounding this threat is the fact that cyber-security risk management and maturity in the energy and manufacturing industries lags far behind that of other sectors of the economy. More bad news: enterprises along the energy supply chain do a poor job of collecting the information that underwriters require to perform all the activities necessary to write fair and complete coverage for these businesses. Tools are available to model risks and associated coverage of them, but these are just models at the moment. Until risk-management plans mature and until more accurate and timely data becomes available to underwriters, this critical component of the continental economy will remain exposed to the potentially significant effects of cyber attacks.