GCube, a provider of renewable energy insurance services, has launched a new Cyber Risk policy, uniquely designed to tackle the specific threats posed to clean energy asset owners by a recent rise in cyberattacks on global power generation and transmission infrastructure.
This new offering has been unveiled at the GCube Advisory Council meeting this week in Austin, Texas, a unique biannual initiative that brings together senior insurance and risk management executives from across the North American renewable energy sector.
“In the renewables market, the benefits of ‘big data’ and interconnectivity in driving operational efficiency are well-established – but there is an underlying risk that this increasing digitalization makes the industry a more obvious target for cyber crime,” said Fraser McLachlan, Chief Executive Officer, GCube Insurance.
The United States, in particular, is taking measures to bolster the cybersecurity of its grid, faced with persistent attacks targeting communications and control systems at major utilities and energy firms. To date, the bulk of these cyber and ransomware attacks have been focused on conventional generation infrastructure, but, with renewables supplying an increasing proportion of electricity to domestic grids worldwide, clean energy projects are becoming an equally prominent target.
“Thus far, the wind and solar markets have avoided a major incident, but research efforts by cyber security experts show just how easy it could be for hackers to bypass IT security mechanisms and gain control of, or otherwise influence, the operation of a wind or solar facility,” added McLachlan.
GCube’s Cyber Risk product – the first of its kind in the sector – is designed to cover the specific cyber exposures of renewable energy asset owners, faced with this growing threat. Unlike more conventional cyber insurance products in the market, which focus on data breaches relating to personal information, this new product covers owners and operators in any circumstance where the ability to generate power – and the associated revenue – is impacted by a cyberattack on proprietary or third-party IT or OT (Operational Technology) systems.
In practice, this means it provides cover for loss of revenue – and incidental expenses – incurred in a range of circumstances, including non-damage events, digital asset destruction, including loss of use or theft of import SCADA (Supervisory Control and Data Acquisition) data, reputational harm and cyber extortion.
Cover can also be extended to include a cyberattack on assets not actually owned by the insured, such as damage to a third-party substation or transmission infrastructure that prevents the export of power.
“While energy firms commonly take out policies to mitigate the commercial risk of a customer or employee data breach – and the physical integrity of assets is covered by conventional insurance – what has been lacking in the market to date is a means of compensation for when a cyberattack prevents a renewable energy project from operating as it should,” said McLachlan.
“We’ve worked closely with our insured clients in the United States and around the world to develop a Cyber Risk offering that meets the specific needs of renewable energy asset owners and operators.”