Bloomberg Intelligence has said that the recent attack on Colonial Pipeline serves as a “timely reminder” of the vulnerability of energy infrastructure and the need for cyber insurance.
BI cited a recent report by the Center for Strategic and International Studies in partnership with McAfee which estimates the annual monetary cost of cyber-crime at $945 billion.
When added to global spending on cybersecurity of around $145 billion, this puts the economic cost of cyber-crime at more than $1 trillion.
Part of the reason for the cost is better reporting but the bill is also growing because of increasing use of ransomware and phishing-related ploys, BI notes.
Popular targets for cyber criminals now include healthcare bodies, pharmaceutical companies, academia, medical research groups and local governments.
“The Colonial Pipeline attack isn’t the first on a US energy facility. Aging US energy and power infrastructure makes it particularly vulnerable to cyberattack threats in our view” said BI Senior Industry Analyst Charles Graham.
According to BI, a cyberattack on US energy infrastructure has long been flagged as a major risk by insurers with a report by Lloyds’ of London and University of Cambridge warning in 2015 that the cost of an attack could rise to more than $1 trillion in the most extreme scenario.
Industries at particular risk include manufacturing, shipping, energy, and transportation as all rely on industrial control systems which when breached can lead to major insured losses from explosions and safety system failures.
Those risks are driving demand for cyber insurance protection with Munich Re forecasting it will rise to $20 billion by 2025 compared with $3.25 billion in 2016. However, some industry experts warn cyber-attacks are virtually uninsurable.