Cyber Risk Insurance in the Wake of the Colonial Pipeline Cyberattack

Husch Blackwell LLP
Contact

On May 7, 2021, pipeline operator Colonial Pipeline Company suffered a ransomware cyberattack on its namesake Colonial Pipeline. Hackers attacked computerized management equipment, effectively freezing one of the largest pipelines responsible for delivering gasoline and jet fuel across the Southeastern United States. The attack was the largest of its kind on an oil infrastructure target in United States history.

With FBI assistance, the company paid a $4.4 million ransom to restore pipeline operations. Law enforcement agencies and media sources identified DarkSide, a criminal hacking group, as the culprit.

In the wake of the attack, developers of energy projects which rely on pipelines to deliver products (from traditional oil to renewable natural gas) find themselves exposed to the new risk of ransomware attacks – a risk which security technology is still struggling to address. In the meantime, energy project stakeholders (from financing sources to offtake customers) are turning to cyber risk insurance for protection. Project financiers and offtake customers to whom firm delivery obligations are owed are increasingly seeking evidence of cyber risk coverage during diligence efforts. But not all policies are created equal; selecting the coverage most appropriate to a project requires an understanding of the types of coverage available and common exclusions.

The most common insurable cyber risks involve dangers to privacy, security, operations, and service. Generally, cyber risk coverage addresses these risks through four distinct insuring agreements: network security, network business interruption, media liability, and errors and omissions. Of those, the agreement most applicable to cyberattacks like the one to which the Colonial Pipeline fell victim, deals with network security.

Often, network security coverage provides protection against both first party costs (those suffered directly by an insured) and third-party costs (those suffered directly by a party other than the insured) incurred as the result of a network security failure (which can include a data breach, malware infection, cyber extortion demand, ransomware attack, or business e-mail compromise). First-party covered costs typically include legal expenses, IT forensics, negotiation and payment of ransomware demands, data restoration, public relations assistance, and – if applicable – credit monitoring and identity restoration. Some policies also provide for the potential recovery of lost profits and extra costs incurred due to business interruptions.

While most cyber risk policies contain some combination of the above protections, the variety of carriers entering the market makes navigating products daunting. Companies need to sift policies for exclusions of future lost profits, for example, and determine what gaps in cyber risk coverage more traditional insurance products, like property liability and general liability coverages, might address. They also need to brace for rigorous underwriting. Given the recent increase in remote work and telecommuting, carriers are increasingly wary of inadequate security controls and unsecured networks. Moreover, recent cyber attacks have resulted in considerable carrier payouts – making good responses to underwriting requirements essential to securing affordable coverage without onerous exclusions. Professional advisors familiar with the cyber risk insurance market can be essential to securing the coverage businesses need.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Husch Blackwell LLP | Attorney Advertising

Written by:

Husch Blackwell LLP
Contact
more
less

Husch Blackwell LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.