The EPA Water Infrastructure & Cyber Resilience Division (WICRD) recently produced a factsheet entitled “Cyber Insurance for Drinking Water and Wastewater Systems.” The factsheet provides water systems with a simplified guide to assist in the selection of cyber insurance to protect them against computer-related crimes and losses.
Cyber insurance is becoming a consistent commodity among organizations who regularly assess risk. Recent data suggests that the market views the risk of cyber incidents as worth the cost of insurance. Although the number of cyber insurance claims have reached record levels, the actual cost of premiums has declined despite the surge in attacks and claims. This is perhaps due to the increasing number of organizations purchasing cyber insurance, increased competition, and market expansion as threats driving the market changes have risen. All of this shows how it’s more important than ever for organizations to at least consider getting some kind of cyber insurance policy.
So how do water sector organizations decide what’s best for them? The EPA’s factsheet is designed to help answer this question. It includes guidance surrounding the types of coverage, important policy considerations, what to expect during underwriting, how to assess your organization’s cyber risk, and more. WaterISAC encourages members to review the fact sheet along with your risk assessment if your organization has one. Access the full factsheet at EPA.
A few excerpts from the fact sheet:
Cyber insurance can help:
- Drive cyber risk assessment
- Support incident response
- Build resilience
Why Should Water Systems Consider Cyber Insurance?
Cyber insurance can play an important role in a comprehensive cyber risk management strategy. Cyber incidents can cause significant damage to operations and finances, so water systems must be proactive in protecting their facilities. The benefit of retaining cyber insurance is reducing overall financial risk to cover cybersecurity incidents.
Cyber insurance protects organizations from the financial impact of cyber incidents and data breaches. It covers costs related to future cyber incident response and system recovery, provides access to experts (e.g., forensics, negotiations, legal, public relations) who can assist in training for and mitigating the impacts of cyber incidents, and bolsters customer confidence that a utility is prepared in the event of an incident. Cyber insurance is a key part of an organization’s cybersecurity strategy that also includes proactive cyber risk management, controls, and defenses.
Additional Resources:
- Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders | Sophos
- Cyber insurance: How to achieve the right coverage | SC Media
- Global Cyber Insurance Premiums Decline Despite Ransomware Surge | Tripwire
- Cyber Insurance Claims Hit Record High in North America | Infosecurity Magazine
