Hunton Insurance Recovery Blog

In today’s interconnected society, a cyber breach is inevitable. For energy companies in particular, the threat is even more acute as cyber security improvements lag behind the rapid digitalization in oil and gas operations. One recent cyber security report stated that 68% of respondents reported that their organization experienced at least one cyber compromise. And, just last week, it was disclosed that hackers used sophisticated malware, called “Triton,” to take control of a key safety device at a power plant in Saudi Arabia. Find our analysis of this latest attack on the blog here .

For oil and gas companies, cyber risk mitigation and resilience are paramount. These goals are attainable with adequate cyber insurance and comprehensive traditional policies, such as crime, pollution liability, and general liability policies, that minimize coverage gaps when traditional pollution events and bodily injuries result from cyber-attacks.

Hunton insurance lawyers Lawrence Bracken, Michael Levine, and Geoffrey Fehling recently published an article in the American Oil & Gas Reporter that explores the biggest cyber threats facing the oil and gas industry. For example, they report that “[t]hree of the most worrisome attack vectors include manipulating stock information to dynamically change pricing information, hacking burner management systems to engineer oil tank explosions, and manipulating temperature or pressure measurements on remote plant equipment to trigger breakdowns in remote facilities. Other potential losses include plant shutdowns, service interruptions, facility shutdowns, compromised product quality, undetected spills, bodily injury resulting from equipment malfunctions, and release of personally identifiable information, trade secrets or other financial data.” Given these risks, they go on to explain how oil and gas companies can insure residual cyber risk and provide analysis of common coverage issues that oil and gas industry insureds face in securing policy benefits following a cyber event. Finally, the authors suggest best practices for minimizing cyber risk and supply chain disruption moving forward. A copy of the article is available here.