Aon plc (NYSE:AON), a leading global professional services firm providing a broad range of risk, retirement, and health solutions and Guidewire Software (NYSE: GWRE), provider of the industry platform Property and Casualty (P&C) insurers rely upon, have launched a scenario for a hypothetical attack by hackers on a U.S. hydroelectric dam, which could impact both U.S. businesses and homeowners.
There are over 90,000 dams in the U.S., providing irrigation, hydroelectric power, flood control, and recreation. While technology and automation improve dam safety and operation, they also create new risks.
In this scenario developed by Aon and Guidewire’s Cyence Risk Analytics team, part of Guidewire’s Analytics and Data Services unit, a hacker seeks to create significant disruption in the U.S. by opening the flood gates at a hydroelectric dam. If such a scenario were to occur it would likely cause significant downstream flood damages, resulting in ‘silent cyber’ losses for insurers. Silent cyber risk is the potential for cyber perils to trigger losses on traditional insurance policies – such as property or casualty – where coverage is unintentional or unpriced.
Aon and Guidewire analyzed the potential impacts of the scenario at three dams, selected to reflect a small, a medium, and a large exposure respectively. The key findings were that a cyberattack could cause:
Major impacts not only to dam operations but also to the resilience of local businesses and communities, with the highest economic loss estimated at $56 billion.
Silent cyber exposure to insurers, with total insured losses of up to $10 billion. By comparison, initial estimates of insured losses resulting from wind and storm surge damage from Hurricane Michael have ranged up to $10 billion.
A significant protection gap that would impact homeowners and businesses if such an event were to occur, with only 12% insured in one scenario.
Jonathan Laux, Head of Cyber Analytics for Aon’s Reinsurance Solutions business, commented: “Insurers must consider how changing technologies can cause ‘established’ perils such as flood to morph into new risks, with resulting changes to frequency and severity. By using scenarios such as this one, insurers have the ability to stress test their portfolios against new and emerging perils created by cyber risk. With that knowledge, insurers can take steps to mitigate risk, through reinsurance as well as working with businesses to increase their resilience.”
Matt Honea, Director of Cyber at Guidewire, added: “We face a huge challenge today, securing not only all laptops and phones, but all network connected devices. These connected devices are automating human tasks by powering more equipment and processing systems. We bring focus to these dam scenarios to highlight concrete examples of an extreme cyber event.”
The scenario is further outlined in the report ‘Silent Cyber Scenario: Opening the Flood Gates’ which is the latest in Aon’s Global Insurance Market Opportunities series.
Notes to editors
Since its first edition in September 2015, the Global Insurance Market Opportunities (GIMO) report has quickly become a leading thought leadership study and reference document for the re/insurance industry. In 2018, Aon is taking a new approach to its distribution, by publishing articles throughout the year rather than launching a single, comprehensive report. This approach aims to increase utilization of the content, bring ideas to market as fast as possible to support further development with re/insurance client partners, and make it easier for GIMO readers to digest the wealth of information generated annually. The series of GIMO articles is available at https://aon.io/gimo-laux