Re/insurance broker Aon and Guidewire Software, a platform provider for property and casualty (P&C) re/insurers, have collaborated on a scenario that models insured losses related to a hypothetical cyber attack on a U.S hydroelectric dam.
The scenario analysed an attack in which a hacker opens the flood gates of a hydroelectric dam and estimated that such an incident could cause economic losses of up to $56 billion for local businesses and communities.
Additionally, Aon and Guidewire said that an attack of this nature could lead to an estimated $10 billion insured loss for flood due to silent cyber exposure.
The scenario also revealed a significant protection gap as many affected homeowners and businesses fell outside of flood hazard areas, where insurance take-up is as low as 12% in some instances.
There are over 90,000 dams in the U.S, providing irrigation, hydroelectric power, flood control, and recreation, many of which could be susceptible to cyber attacks due to their reliance on technology and automation.
Aon and Guidewire analysed the potential impacts of the cyber attack scenario on three dams, selected to reflect a small, medium and large exposure, respectively.
The scenario estimated that commercial insurance losses could range from $585 million up to $5.4 billion across the three dam variants, while National Flood Insurance Program (NFIP) losses could range from negligible to approximately $4.4 billion.
In the large exposure scenario, reinsurers may also absorb some of the losses, Aon and Guidewire said, as property reinsurance treaties would provide for direct physical loss resulting from a cyber attack.
This would also have implications for reinsurers of the NFIP, although treaty protection is generally for named perils, so insurers should ensure that flood is on the list, Aon and Guidewire suggested.
“Insurers must consider how changing technologies can cause ‘established’ perils such as flood to morph into new risks, with resulting changes to frequency and severity,” said Jonathan Laux, Head of Cyber Analytics for Aon’s Reinsurance Solutions business.
“By using scenarios such as this one, insurers have the ability to stress test their portfolios against new and emerging perils created by cyber risk,” Laux added. “With that knowledge, insurers can take steps to mitigate risk, through reinsurance as well as working with businesses to increase their resilience.”
Matt Honea, Director of Cyber at Guidewire, also commented: “We face a huge challenge today, securing not only all laptops and phones, but all network connected devices. These connected devices are automating human tasks by powering more equipment and processing systems. We bring focus to these dam scenarios to highlight concrete examples of an extreme cyber event.”