Who would have thought a podcast on insurance would be one of my favorite and most interesting I’ve done in the past few years.
I spoke with Eireann Leverett and Jennifer Copic of the University of Cambridge Centre for Risk Studies. They were two of the researchers who helped Lloyds put together the paper Business Blackout: The insurance implications of a cyber attack on the US power grid.
While the temptation will be great for loyal blog readers to focus on the scenario for the blackout, that is the least important part of the paper.
In the podcast we talk a lot about what types of insurance would likely cover an incident with the scenario’s impact. What factors would make a claim covered or not covered. All risks cover, silent cover, advanced or affirmative coverage and other important terms are defined and discussed.
We also delve into how this insurance will be written given the lack of data. This is not the first time Lloyds and others have dealt with this problem, so it is not insurmountable.
After listening to this episode multiple times I’m more convinced that cyber insurance for ICS / OT is coming. Owner/operators will want to transfer risk once a true risk management program is in place. The cybersecurity framework and other factors, such as C-levels and boards awakening to the risks they are unknowingly accepting, are beginning to drive informed risk management programs. Insurance and reinsurance companies are always looking for new and growing markets. This is important information for mid and top level management at owner/operators.