Weak controls are resulting in energy firms being refused cyber-defence insurance, a BBC report revealed in late February 2014.
The news in brief:
The number of energy and power firms seeking cyber insurance has seen a huge increase and a large proportion of these are being turned down.
Surveyor risk assessments of cyber-defences within unsuccessful applicants have found serious weaknesses.
The growing complexity and size of networks managed by power companies, and the difficulty of recruiting staff with the necessary skills to “defend” these systems, have left power firms exposed to greater levels of risk.
Legacy software widely used to relay critical information has also been criticised for poor security controls and deemed “very hackable”.
While insurance only covers financial losses, a risk management framework with effective controls decreases the likelihood of an incident occurring and increases organisational preparedness against potential threats by fully considering their wider impact. Energy firms that have identified poor controls need to seriously assess how they can better protect themselves against increasingly sophisticated cyber-threats. Incidentally, insurance will then be easier to secure.