The energy sector’s vulnerability to cyber attacks will prove costly unless effective market solutions are found, says Willis

Globally, cyber attacks will cost oil and gas firms about €1.24bn according to Willis’s Energy Market Review 2014, released today.

Poor practices, market vulnerabilities and an increasing global dependence on energy providers makes these firms an ideal target for state actors and mercenary hackers, according to Willis, which reports 40% of all cyber attacks on US critical infrastructure in 2012 were inflicted on the energy industry.

Willis energy global communications director and editor of the review Robin Somerville said energy firms are vulnerable to cyber attacks because the majority are still using internet-facing control systems that are relatively easy for hackers to infiltrate.

Furthermore, many facilities are bypassing the emergency shutdown system for extended periods of time, which, in the event of a cyber attack, would provide the hacker(s) with a better chance of accessing the control system, despite insurers highlighting the poor practice for more than 25 years.

Somerville said a market response is much needed to fill the gap currently left by available policies that do not include catastrophic damages inflicted by cyber attacks.

Speaking at the launch of the broker’s Energy Market Review 2014, Somerville said: “A combination of underwriting expertise in the energy market, cyber market and political violence market is required to produce an energy industry cyber attack product.”