Across all industries, innovation; the ability to adapt to changing market circumstances and create a competitive advantage, is vital for business resilience.Innovation can take many forms. Releasing new products, entering new markets, or changing processes to become more efficient are all examples which can bring significant opportunities.
In 2019, innovation across many sectors is focused on embracing digital technologies such as the Internet of Things and machine learning. Whilst the impact of these advancements could be significant, innovation can also bring risks. In industries which rely on machinery, digitisation and greater connectivity could result in physical damage to equipment and property as a consequence of increased exposure to cyber attacks.
These exposures can appear in a variety of different forms. Of particular concern in the power generation industry is the potential for industrial control systems to be compromised. Greater interconnectivity of machinery and operating systems, specifically designed to be remotely accessed, increases the opportunity for cyber related disruption.
If a cyber attacker maliciously causes a piece of machinery, such as a turbine, to over speed it could lead to various escalating issues, including: increased vibrations, overheating, blade liberation and finally an explosive destruction of the turbine, from which a fire is likely to follow. In this case, one cyber-attack could cause an entire facility to become unable to operate as intended, potentially losing a business revenue and market share.
Cyber-crime tactics and targets are becoming ever more sophisticated. Motives increasingly go beyond financial gain to disrupting or destroying national infrastructure, with industrial control systems becoming increasingly likely to be targeted.
The potential damage sustained makes the argument for the importance of comprehensive risk management within the power generation industry clear. In many markets, legislators are swiftly facing-up to the threat that power generators face, and the potential security and societal effects a loss could cause.
On 1st April 2019 the Swedish government introduced the Protective Security Act which expands the legislative framework of safeguards to shield the country’s critical infrastructure from cyber-attacks. This legislation requires that various industries operating in Sweden, including energy suppliers, undertake preventive measures including stringent cybersecurity requirements to better protect information and critical operations.
With the escalation in the number and type of threats as well as their severity, Sweden recognised the disruptive potential of such attacks, especially against vital public services and critical infrastructure for the country.
Of particular concern for legislators in Sweden, was that many companies were not aware of their cyber preparedness levels; reducing trust that nationally critical infrastructure is adequately protected.
Fortunately, third-party experts are able to work with power generators and help them to better understand cyber risk exposure, ensuring that the new requirements of the Protective Security Act are met.
As a global commercial property insurer, we at FM Global continue to refine our systematic approach to mitigating cyber risk. It’s why our team of cyber experts developed the patented Cyber Risk Assessment tool to help reduce our clients’ vulnerabilities at the enterprise level.
The assessment provides insight into cyber exposure, after which appropriate risk management actions, including; creating policies that limit data access to only those that need it, improving physical security
to sensitive areas and data centres, encrypting data and implementing two-factor authentication should be enforced.
Modernisation is vital within any competitive market, but the power generation industry must be aware that innovating can create new exposures. Facilitating adoption of innovation while managing the risks involved depends on a clear understanding of these risks, and partnership with a knowledgeable insurer can help significantly with this. At the same time, utilising tools to accurately assess and mitigate emerging risks, such as cyber, can help companies ensure innovation leads to resilience, rather than disruption.
For more information:
Vice President, Branch Manager
FM Insurance Europe S.A. – Nordic Branch
Birger Jarlsgatan 27, SE-111 45 Stockholm
P.O. Box 3169, 103 63 Stockholm
Tel: + 46 (0)8 453 92 01
Mobile: + 46 (0) 70 372 32 32