Houston attorney Mark Thibodeaux, Deputy Practice Leader of the Cybersecurity and Privacy team for Sutherland Asbill & Brennan, was quoted by Law360 in an article exploring liability risks from cyberattacks on energy companies.
“The biggest security risk for the energy industry is these cyber-physical attacks, it’s not just data being stolen and moved around. The big liability risk is a power grid shutdown, or an overpressured pipeline, or a drilling rig in the Gulf of Mexico that is attacked and causes a major oil spill,” Mr. Thibodeaux said in an article headlined “5 Ways Energy Cos. Can Limit Legal Fallout From Attacks” (subscription required).
The article notes that the U.S. Department of Homeland Security and the Federal Energy Regulatory Commission are just two of the regulatory agencies putting pressure on oil and gas and power companies to make every effort to protect their increasingly automated layers of industrial controls. And while energy infrastructure companies are heavily insured, damages or losses from cyberattacks may be excluded, or greatly limited by insurance policies.
A Lloyd’s of London report estimated that a cyberattack that shuts down significant portions of the U.S. electric grid could have a $1 trillion impact on the U.S. economy, with insurers paying out more than $70 billion in claims.
“There’s not enough insurance in the world to cover a major event affecting a large portion of the grid,” Mr. Thibodeaux said.
He noted that energy companies also need to protect against contractors accidentally compromising their cybersecurity protections and should explore this question: “Does your contractor have deep enough pockets to protect you?”
