A new breed of cyber insurance product has been launched by Lloyd’s of London insurer Aegis. The launch follows a major study of the evolution of cyber risk in the energy sector and its impact on critical infrastructure businesses.

In addition to data protection and privacy issues – the staple of first-generation cyber policies – Aegis CyberResilience offers businesses protection for operational technology and critical infrastructure.

The Aegis study and new product offering are a direct response to the growing number of attempted attacks on the energy and utility sector. In the first half of the 2013 fiscal year, the US Department of Homeland Security’s Industrial Control Systems Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China.

The study focused on power and utility companies based in the US, UK, Canada and Europe. Conducted on behalf of Aegis by BAE Systems Applied Intelligence, the study found that the overwhelming majority of respondents, as well as specialists and vendors who work with energy companies and utilities, believe it is not a matter of “if” – but “when” – there will be a cyber attack of major significance and impact on critical operational infrastructure such as the electric grid.

The new Aegis CyberResilience product is designed to help protect critical operational technology and assets, before and after a cyber attack. The product combines liability, business interruption and terrorism coverage with a service-based offering that consists of cyber underwriting assessment, risk management consultancy, loss control, threat analysis, incident response and vulnerability management.

Alan Maguire, chairman of Aegis London, said: “Cyber attacks are no longer focused solely on IT environments. Cyber terrorists have turned their attention to operational technologies and the critical infrastructure they support, so we have expanded our coverage accordingly. Our new CyberResilience coverage is offered in conjunction with specialised pre- and post-attack services provided by our cybersecurity partners who are global experts in the critical infrastructure industry. Now, for the first time, businesses can obtain secure and reliable cyber insurance cover and service-based offerings for both operational and information technology.”

David Croom-Johnson, active underwriter at Aegis London, said: “We believe that vulnerabilities in and threats to operational technology have the potential to lead to business interruption or significant loss of operating capability and availability. These represent some of the most acute organisational risks currently facing critical infrastructure, which is why we developed CyberResilience. However, this is only our first step in evolving a complete suite of products and services around global critical infrastructure cybersecurity.”

Share Story: