Skip to main content
main content, press tab to continue
Campaign

Cyber spotlights on the natural resources industry: Identify, assess, protect

Dive into cyber spotlights on notable incidents, latest threats, current trends, and tailored solutions for the natural resources industry.

This spotlight delivers an overview of the latest cyber risks impacting the sector, including recent incidents and emerging exposures. We also highlight our specialised insurance solutions designed to address the unique cyber vulnerabilities faced by power and utilities, renewables, sustainable fuels, oil and gas and mining companies. Use our insights to enhance your organisation’s cyber risk management approach.

What cyber incidents have we seen from the natural resources industry?

The increased frequency of these incidents reflects the heightened cyber risk landscape in the natural resources sector. Understanding the scope and ramifications of such incidents will inform your organisation’s ability to effectively develop risk management and transfer strategies.

On July 19, cyber security company CrowdStrike released a flawed software update to Falcon Sensor, their vulnerability scanner that detects system intrusions and hacking attempts. The update disrupted 8.5 million computers worldwide that used the Windows operating system. The U.S. Department of Energy, utility regulators in Texas and Ohio, and a number of utilities were among those impacted. The Public Utilities Commission of Texas posted on social media that its website was adversely affected by the outage and the Public Utilities Commission of Ohio said the event impacted their docketing information system and call centre. The US Department of Energy’s website was down for a couple of hours, whilst New York State Electric & Gas confirmed its customer electricity outage information was unavailable due to the outage.

Australian gold mining company announces a ransomware attack impacting IT systems. External forensic experts have investigated the incident and attack believed to be contained. No material impact on operations is expected.

A global leader in energy technology (renewable and conventional power products and services) was targeted in a cyber attack involving the Clop ransomware group, which exploited the MOVEit Transfer software vulnerability. While the company reported that no critical data was stolen, the breach underscored the vulnerability of their IT systems, potentially risking operational integrity and financial stability.

A German wind turbine manufacturer, experienced a cyber-attack that led to the disruption of their IT systems. The attack forced the company to take several wind turbines offline temporarily to secure its network, highlighting the vulnerability of wind energy systems to cyber threats and the potential for significant operational and financial impacts.

Hacking group Predatory Sparrow are believed to be behind a cyber-attack on an Iranian steel plant causing a serious fire.

The database of an Indonesian oil and natural gas company was compromised by unauthorised third parties and shared online (Canopius Energy & Utilities: Threat Intelligence Report Q1 2024)

A campaign targeted spearphishing emails to various bodies, including energy and utilities companies (Canopius Energy & Utilities: Threat Intelligence Report Q1 2024)

Cyber insurance claims we have seen from the natural resources industry

Below are anonymised recent natural resources sector cyber claims handled by WTW’s claims team:

laptop-error

Ransomware attack

Our client, an offshore oil and gas company, suffered a ransomware attack on their US-located corporate server. Information on the server was limited and so, upon review of the data on the server and back-up process, the decision was made not to pay the ransom. However, incident response costs still exceeded the retention.

laptop-error

Unauthorised access to company network

Another insured’s environment was compromised through an unpatched server. The insured was concerned that data was exfiltrated by the threat actors who were identified and were known for selling data on the dark web. Security experts and other vendors were appointed at insurers’ expense.

fraud

Hacking damage

The insured discovered malware on a payment application development server located in a third-party data centre. The malware was of a type associated with denial-of-service attacks. Legal, forensic and breach response assets were engaged.

Source: WTW proprietary claims data


Cyber threat trends in the natural resources sector

Geopolitical climate and critical infrastructure targets: The natural resources industry is highlighted as a key industry to be targeted by the growing threat of cyberattacks on critical infrastructure. Noting the increasing sophistication and scale of cyber-attacks, for the energy sector the increased connectivity of distributed grids accompanies concerns on reliability and geopolitical threats. A 2023 study shows that cyber actors exploit the heightened dependence of critical infrastructure on digital connectivity, data and critical infrastructure (Riggs et al., 2023)

The National Cyber Security Centre in UK and Cybersecurity & Infrastructure Security Agency in the US continue to warn of threat to national critical infrastructure due to the ongoing conflict in the Ukraine (NCSC, 2023; CISA, 2024)
(Riggs, H., Tufail, S., Parvez, I., Tariq, M., Khan, M.A., Amir, A., Vuda, K.V. and Sarwat, A.I., 2023. Impact, vulnerabilities, and mitigation strategies for cyber-secure critical infrastructure. Sensors, 23(8), p.4060.)

Insurers are seeing a notable increase in attacks targeting ICS/SCADA systems in the last two years and into early 2024. Upticks potentially linked to the geopolitical climate. Could such a trend points to potential for increases in property damage losses resulting from cyber-attacks in the future? (Canopius Energy & Utilities: Threat Intelligence Report Q1 2024)

Increasing connectivity of operational technology in the renewable energy sector: A study presented at the 2023 IEEE International Conference highlighted that offshore wind farms using voltage source converter-based high voltage direct current (VSC-HVDC) connections are particularly vulnerable to cyber-attacks. These attacks could compromise sensor data, leading to power oscillations, potential blackouts, and equipment damage. The study underscores the need for enhanced cybersecurity measures to protect these critical infrastructures.

Ransomware attacks: The oil and gas, water, and mining sectors have seen an enormous increase in the number and sophistication of ransomware attacks in particular (Industrial and energy groups warned of need for stronger cyber defence, Financial Times 16 January 2024).

Increasing contractual obligations to purchase cyber: Natural resources companies increasingly have the purchase of cyber insurance as a contractual requirement.

Cyber regulation in the energy and utilities sectors

The NIS 2 Directive must be implemented by European Union (EU) member states by 17 October 2024. The directive aims to achieve a common level of cybersecurity across the EU, imposing stricter cyber-security requirements with regard to risk management, incident reporting and the exchange of information. It comes in response to the escalating threats brought on by digital transformation and the rise in cyber-attacks, and replaces the Network and Information Security (NIS) Directive of 2016, which will be repealed with effect from 18 October 2024.

Like the 2016 Directive, the new directive will inevitably be mirrored by the EU’s closest trading partners including the UK and those members of the European Economic Area (EEA) who are not already members of the EU (eg Norway). It bears other similarities to the 2016 Directive, laying down obligations that require Member States to adopt national cybersecurity strategies and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecurity, and computer security incident response teams (CSIRTs). Essential sectors – including air transportation and space - will be covered by the Directive.

In order to achieve greater harmonisation than was the case with the 2016 Directive, NIS 2 sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each Member State. It formally establishes the European cyber crisis liaison organisation network (EU-CyCLONe), which will support the coordinated management of large-scale cybersecurity incidents and crises at the operational level and ensure the regular exchange of relevant information.

Our perspective on cyber market trends for the natural resources industry

The London cyber insurance market is certainly open for natural resources. For the well managed operation it is also a very competitive environment where insurers are increasingly flexible.

The recent CrowdStrike event caused a review of underwriting appetite for some insurers when it concerns supply chain operations and third parties supporting clients’ internal networks but as yet has not caused the realignment that was initially expected. This isn’t unique to natural resources; this is across the cyber insurance space irrespective of industry.

The ongoing concerns around critical infrastructure continue to limit appetite for natural resources at a small pool of insurers. For the last few years this has been consistent messaging from these insurers but with the key insurers who are comfortable in this space the growth in capacity and eagerness to support makes up for the few insurers that shy away.

For some natural resource operations, ESG (Environmental, Social and Governance) still has a significant role in insurer appetite even in cyber risk so this will need to be considered when looking for a risk transfer solution.

How WTW can help with identifying, assessing, and protecting your business

SOLUTION

Concerned, confused, or curious?

WTW is here to help you and your organization identify, assess, and protect itself against cyber risks. Our team of cyber specialists, with years of experience in your industry, will provide you with peace of mind, allowing you to focus on your day-to-day role.

Contact us