When Environmental and Cyber Risks Meet
Ever since the late 1960s environmental risks and how to insure them have been an ongoing issue in the insurance industry. In recent years cyber risk has taken on growing importance. Now we must consider the likelihood that cyber attacks will trigger environmental losses, and ask who will insure the resulting claims.
Cyber attacks on infrastructure resulting in environmental claims are not a new phenomenon. As far back as 1994, a hacker accessed the Salt River Water Project computers to gain control of water levels. More recent attacks have targeted sewage treatment, nuclear power, electric power, energy, manufacturing and healthcare systems. With the growth in the Internet of Things the threats will only increase. Small businesses such as gas stations and auto mechanics will be impacted as much as large organizations.
As cyber insurance evolves some insurers are covering bodily injury and property damage in addition to data breaches. However, cyber policies may have a pollution exclusion. These exclusions will either have to be deleted or have an exception for pollution triggered by a covered incident if cyber policies are to cover environmental claims.
Environmental policies are more settled. They cover bodily injury, property damage, environmental damage and response costs. Unless cyber attacks are excluded, a loss is covered. However, organizations that only consider traditional sources of contamination may not realize they are at risk for environmental loss from a cyber attack, and not have coverage in place.
As risks continue to evolve, organizations must continue to review their exposures and ask if their insurance is up to date. Beacon is ready to assist you.