Carrier Management
Run Time: 29:07

EP. 15: Experts Call Colonial Pipeline Attack a Wake-Up Call, Say Bigger Attacks Could Be Ahead

1 Star2 Stars (+263 rating, 263 votes)


Embed Video

Use the below code to add this video to your website.

Cyber experts are saying that the Colonial Pipeline attack, in which ransomware took down 5,500 miles of critical infrastructure along one of the nation’s largest pipelines, should be a wake up call for all companies to prioritize their cyber hygiene.

“This is everyday, every company, every nonprofit, every municipality,” says Catherine Lyle, head of claims at Coalition, on this week’s episode of the Insuring Cyber Podcast. “If you're doing business, or you're using the internet, or you have security and you use a computer, you're one of them.”

Megan North, vice president and broker at Amwins, also says in this podcast episode that cyber criminals are looking for the lowest hanging fruit.

“Even if the business has the absolute best controls, the reality is that their cybersecurity has to be right 100% of the time for them to be fully protected,” she says.

While there is talk that some insurers are pulling back on coverage regarding ransomware or even eliminating it, Lyle says traditional carriers need to understand that this is a further disservice to companies and nonprofits already finding themselves increasingly vulnerable to these types of attacks.

“While we know that all security is not foolproof, insurance is very important as a risk transfer for these things,” she says, adding that carriers need to underwrite better and push companies to have better security so that they can get insurance in the first place.

She said companies need to do their part too by understanding the importance of prioritizing insurance coverage that protects them against these types of attacks.

“Whether or not someone has insurance isn't what makes it that they're a target, it just makes it that they're a wiser company because they've actually made that risk transfer by applying and getting insurance,” she says.

North adds that from an insurance perspective, the recent Colonial Pipeline attack has highlighted the physical impacts that a cyber event can have.

“When cyber insurance was first designed, it was really a product built to respond to loss or disclosure of data and private information,” she says. “But recent events really have shown us that there's even more of a metamorphosis, if you will, to the physical realm, the physical side of loss.”

In fact, Lyle shares in this episode a story about one of Coalition’s manufacturing clients that recently experienced physical damage due to a ransomware attack, a business interruption expense she says some carriers don’t cover.

“Even though the computer system is back up and running, you're not able to run the entire manufacturing system, and so they incur more business interruption,” she says. “And that’s an area where some carriers aren't covering.”

Ransomware attacks, not only on the critical infrastructure and energy sector but across all industries, have become more severe and common recently. This means that from an insurance company perspective, it’s no longer just a cyber or professional lines issue but one that is permeating across all lines, North says.

“From a regulatory standpoint, it's no longer simply a data privacy issue," she adds. "It's now a risk which threatens the very fabric of how our country operates and how people live on a daily basis."

Indeed, ransomware attacks increased by a huge amount – 485% - in 2020 globally, accounting for nearly one quarter of all cyber incidents, according to software company Bitdefender. With this in mind, could an attack even bigger than the recent Colonial Pipeline event be on the horizon for the critical infrastructure and energy space?

“I definitely wouldn't count it out,” North says. “I'd say it's certainly possible. As scary as it is to verbalize and think about, I do think it's a real possibility.”

A spokesperson from Colonial Pipeline was not available to comment for this episode by press time. Check out the rest of this episode to see what else Catherine and Megan have to say, and be sure to check back for new episodes publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.

Other videos you might like: