Cyber Liability in the Energy Space


Cyber Liability in the Energy Space: Critical Coverage for Critical Assets

In 2018, companies within the energy sector, from suppliers to producers, rely heavily on operational technology to perform daily operations.  Internet-connected networks and systems for activities such as pipeline management, workflow automation, real-time monitoring of equipment, reservoir modeling, use of electronic data interchange (EDI), and many other activities utilize connected networks and software in order to optimize efficiencies, save money, and ultimately, increase profits.  With this increased connectivity comes increased cyber risk.  Despite this fact, nearly 65 percent of respondents in the Ponemon Institute’s 2017 study rated their operational technology response readiness as less than “high.”

The energy sector has experienced numerous cyber-attacks.  Significant security breaches include:

  • 2013 – The United States Department of Energy disclosed two separate breaches of their network.
  • 2015 – The United States Industrial Control Systems Cyber Emergency Response Team issued an advisory for a vulnerability found in a widely used, small-scale turbine for homes or farms.
  • 2016 – A Vermont utility company serving less than 20,000 households found Russian malware on one of its computers.The motive was unclear.
  • 2017 – The “Wannacry” ransomware hit numerous energy companies, crippling their networks.
  • 2018 – The United States Department of Homeland Security issued a warning concerning Russian hackers targeting U.S.-based energy companies.

While it’s clear that the threat is persistent and that preparedness is minimal, the number of energy-related companies purchasing Cyber Liability coverage is lower than it should be compared to other industries.  If the coverage isn’t purchased, it cannot respond, and companies will be left to fend for themselves in the event of a network security or privacy breach incident.

How Can a Stand-Alone Cyber Liability Policy Add Value to Your Coverage Offering for Energy Risks?

  • Comprehensive Coverage – Cyber insurers are highly adept at comprehensively underwriting industry-specific risks, as well as providing highly valuable resources to assist insureds before, after and throughout a cyber event.
  • Limit Capacity – Even if some limited Cyber coverage is purchased in a multiline package policy, small sublimits are not enough.  Having dedicated coverage built to respond to cyber losses preserves policy limits for each type of risk.  In some cyber forms, breach response expenses are outside the policy limit, which also helps preserve limits.
  • Regulatory – The energy sector produces critical resources.  As such, it is not only a heightened target for threat actors, but also for regulators.  State-specific privacy laws are enforced by state attorney generals, who can investigate and levy fines and penalties.  Federal bodies, such as the Department of Homeland Security, monitor the cyber threat activity surrounding the energy sector.  A Cyber Liability policy can provide coverage for fines and penalties – where insurable – as well as for costs associated with regulatory investigations.
  • Response and Pre-Emptive Resources – Stand-alone Cyber policies generally include cyber security risk management packages that may feature web-based learning platforms, legal white papers on security matters, discounted rates with IT security vendors, network penetration testing, table-top breach exercises, assistance with incident response plans and, in some cases, real-time network security monitoring. 


Current and Future Claim Trends

Emerging trends in the network security world are increasing the need for energy and energy-related companies to consider purchasing Cyber Liability coverage.

  1. Unintentional or Negligent Insider Threats – Recent reports are showing threats from insiders are growing.  Bad actors are exploiting internal users in an effort to gain access to networks by exploiting misconfigured servers, as well as Man-in-the-Middle (MitM) and phishing attacks. 

    The IBM X-Force Threat Intelligence Index 2018 report indicates that clients in the education, energy, and financial services sectors experienced a “notably higher percentage” of insider threat activity.  They noted a higher than average volume of targeted phishing emails as one potential cause.

    Furthermore, 65 percent of respondents in a recent Ponemon Study said that the top cyber security threat is the negligent or careless insider.

  2. Nation State and Political Threats – Black hats or bad actors’ most common motivations are financial gain.  With the global political climate in a heightened state of unrest, however, more and more “hacktivist” activities are targeting critical assets – such as energy and/or manufacturing – to bring awareness to a cause or hinder the production and operations of a perceived enemy state (and domestic companies).  As a result of such attacks, energy firms have recently experienced, and will likely continue to see, business interruption losses. These interruptions cause not only loss of revenues, but also a host of other liability issues for those that depend on their products.

  3. Contingent Bodily Injury and Property Damages – Inherently, the implications of a network security incident for an energy firm go beyond traditional financial loss.  A hijacked pipeline management or industrial control system could easily lead to widespread issues involving threat to human life and property alike.  Generally, most Cyber policies exclude coverage for claims arising or relating to bodily injury or property damage; however, there appears to be a shift in the market as carriers consider a provision of this coverage.  Some carriers can also provide contingent Pollution coverage as a result of a network security incident.  Energy buyers should always ask about – and coordinate coverage between – Cyber, General Liability and Pollution.

  4. Supply Chain Vulnerabilities – Companies within the energy sector rely heavily on certain supply chains.  Upstream, midstream, and downstream companies in the oil and gas sector, for example, all experience some reliance on suppliers and other vendors.  Often, these vendors pose a cyber security threat even in the absence of unscrupulous motives.  With access to a company’s network, negligent or insufficient security protocols used by a vendor can allow threat actors to access the network via the vendor’s system and wreak havoc.  Per the 2017 Ponemon Oil & Gas Cyber Security Preparedness study, 69 percent of respondents believe their organization is at risk because of uncertainty about the cybersecurity practices of third parties in the supply chain.  Furthermore, 61 percent say their organization has difficulty in mitigating cyber risks across the oil and gas value chain. Vendor access will continue to be an issue given that even the best prevention measures cannot stop all threats. 

Insurance Solutions for Cyber Threats to Energy Companies

Energy companies should utilize table-top exercises with their leadership teams, risk managers, IT leaders and others to create a game plan for every possible cyber threat. Nevertheless, we know that some attacks will still be successful. Here are some examples of threats and possible insurance solutions.



Lost revenue from a network interruption arising from ransomware.

Cyber insurance covers the ransom payment if necessary, as well as the forensic investigation to determine the scope of the threat and to shut it down. Insurance pays for business interruption losses and extra expenses to return to full operation.

Network shutdown at a critical third-party vendor reduces or completely stops operations for the named insured.

Cyber insurance with the proper system failure insurance wording covers business interruption losses and extra expenses until the vendor recovers or coverage period runs out.

Hackers enter the network and turn off safety measures, leading to a massive pollution event.

A Pollution policy without a network security exclusion would have primary responsibility for assisting with clean-up expenses. A Cyber policy with proper pollution exclusion amendments assists with IT forensics, regulatory investigations, and possibly, business interruptions.

Cyber thieves spoof the corporate controller into wiring $500,000 to a fictitious vendor account.

Crime insurance assists with repayment of unrecoverable funds. Cyber insurance assists with the forensic investigation to ensure that the client’s computer network hasn’t been compromised. A Cyber policy may have a sublimit for cybercrime, as well.

Hackers enter the client network and exfiltrate thousands of personal health and financial records of current and former employees.

Cyber insurance helps with legal and IT forensics, notification and public relations expenses, regulatory investigations, establishment of call centers, credit and identity monitoring, fraud resolution and more.


As threats continually evolve, it is virtually impossible to adequately prepare for every type of cyber-attack; however, appropriate coverage can play a key role in mitigating risk.  As a result, brokers are advised to ask their clients numerous and detailed questions regarding their threats, in order to assist brokers and underwriters in effectively matching risks with insurance solutions.


About the Author

This article was authored by Megan North, a Professional Lines broker with AmWINS Brokerage of Texas in Dallas.

Contact Us

To learn more about how AmWINS can help you place coverage for your clients, reach out to your local AmWINS broker.  If you do not have a contact at AmWINS, please click here.

Legal Disclaimer. Views expressed here do not constitute legal advice. The information contained herein is for general guidance of matter only and not for the purpose of providing legal advice. Discussion of insurance policy language is descriptive only. Every policy has different policy language. Coverage afforded under any insurance policy issued is subject to individual policy terms and conditions. Please refer to your policy for the actual language.

(c) 2017 AmWINS Group, Inc.

Most Popular Insights

State of the Market - Q2 2020


Our Q2 2020 State of the Market report provides a holistic view of highly impacted industry segments as well as overall market trends. This report is designed to help our retailers gain the knowledge they need to retain accounts, write new business, overcome challenges and capitalize on opportunities that do exist.

On-Demand Webinar: COVID-19 Economic Impact and Future Outlook


As a result of the COVID-19 crisis, our industry is facing a broad array of challenges that impact insureds of every size and in every industry. In the first of a series of webinars, we hear from an economist on the financial impacts of COVID-19 and what we can expect in the future. This webinar is intended to complement your conversations with clients about how to plan for the next 12 to 24 months.

Insurance Impacts of COVID-19 on the Healthcare and Senior Living Industry


As the healthcare industry remains on the front lines of battling the COVID-19 pandemic, staying abreast of the changing landscape and how the insurance market is adapting is critical to ensure new exposures are covered and renewals are successfully placed. In this article, our specialists share what they are seeing in the Healthcare and Senior Care markets, tips for risk control and mitigation, and how to get the best results for insureds.

COVID-19 – Are Your Clients Covered?


The disruption to business and everyday life caused by the coronavirus (COVID-19) pandemic is resulting in an economic impact for insureds. Much of this disruption is likely not covered by insurance. We have consulted with several AmWINS insurance specialists across the Property, Casualty and Professional Lines sectors and offer a COVID-19 update.

How Parametric Products Benefit Catastrophe-Driven Risk Transfer


Parametric insurance is an innovative product that functions differently than traditional insurance by covering the impacts of an event and not just losses sustained to an asset. Proceeds of the policy are paid quickly and can be used flexibly to cover any expense associated with the triggering event. Coverages can be designed to capture the impacts of natural perils and other forms of non-damage business interruptions such as future epidemics. Learn how the parametric landscape has and will continue to play a major role in improving coverage and the recovery experience.

From Seed to Sale: The Top 5 Issues Impacting the Cannabis Insurance Industry


​Over the last few years, the legal cannabis industry has seen rapid growth and had a significant impact on the U.S. economy. With states continuing to legalize its use, insurance needs for cannabis-related businesses are becoming a popular topic of discussion. This article examines the evolving cannabis industry by exploring five key issues impacting coverage.

Four Key Additional Insured Endorsements for Contractors

Construction contract negotiations, which determine the kind and amount of insurance required for a construction project, can be time-consuming, complicated and frustrating. Project owners require contractors on a project to name the project owner as an additional insured on the contractor’s casualty insurance program. It's important that both project owners and contractors understand the coverage provided by these additional insured endorsements. This article discusses four common ISO additional insured endorsements related to commercial general liability policies purchased by contractors, including their limitations, conditions and exclusions.

Understanding Property Theories of Recovery and Ensuing Loss Clauses

​The theories of recovery, as well as the ensuing loss provisions, contained in property insurance policies are often complex and, at times, seemingly in conflict. Although a policy may not directly address these theories, their application by courts plays a significant role in the coverage determination process after the claim. It is essential that brokers understand the primary theories of recovery – Efficient Proximate Cause, the Concurrent Causation Doctrine, and the Anti-Concurrent Causation Doctrine – in order to navigate the challenging post-claim process and effectively serve their clients.

Sign Up For Our Monthly Newsletter

Sign Up