On May 7, 2021, pipeline operator Colonial Pipeline Company suffered a ransomware cyberattack on its namesake Colonial Pipeline. Hackers attacked computerized management equipment, effectively freezing one of the largest pipelines responsible for delivering gasoline and jet fuel across the Southeastern United States. The attack was the largest of its kind on an oil infrastructure target in United States history.
With FBI assistance, the company paid a $4.4 million ransom to restore pipeline operations. Law enforcement agencies and media sources identified DarkSide, a criminal hacking group, as the culprit.
In the wake of the attack, developers of energy projects which rely on pipelines to deliver products (from traditional oil to renewable natural gas) find themselves exposed to the new risk of ransomware attacks – a risk which security technology is still struggling to address. In the meantime, energy project stakeholders (from financing sources to offtake customers) are turning to cyber risk insurance for protection. Project financiers and offtake customers to whom firm delivery obligations are owed are increasingly seeking evidence of cyber risk coverage during diligence efforts. But not all policies are created equal; selecting the coverage most appropriate to a project requires an understanding of the types of coverage available and common exclusions.
Continue Reading Cyber Risk Insurance in the Wake of the Colonial Pipeline Cyberattack