Energy companies should look at the opportunity to conclude cyber-risk insurance because cyber-attacks cause more financial damage than nature causes such as storms, typhoons or earthquakes, said Călin Rangu at the conference DigitALL 2021, organized by Energynomics.

Director of the Directorate for public relations, Petitions and Financial Education of the Financial Supervision Authority (ASF) and vice-Chairman InsurTech Task Force, the European Insurance and Occupational Pensions Authority (EIOPA) considers “cyber risks exist and we will not get rid of them, they will get bigger and bigger; their financial coverage is very important. The average damage on cyber risks is about 3 million euros, in which you actually have to cover identification, recovery, all the work of correcting the image of the company covered by a cyber risk insurance, all the investigation”.

“So there is a certain concept of cyber risk insurance, there are brokers, insurance companies in Romania that provide them, and I think it would be an interesting topic for the peace of mind of management and IT security in energy companies to look at this opportunity to insure themselves, because this is the trend, these insurance products are growing rapidly worldwide. The damage caused by cyber risks has overcome the damage caused by natural risks. So storms, typhoons, earthquakes, don’t cause as much damage as cyber-attacks are causing at the moment,” said Călin Rangu quoted by Agerpres.

The ASF representative considered that insurance against cyber-attacks is important for the energy sector, as these attacks cannot be eliminated.

“Cyber insurance is very important to the energy system, because all these attacks that are being mentioned, these attacks cannot be eliminated, you don’t have an 100% capacity to protect so that nothing could happen to you. If someone wants to attack you, if they keep attacking you, they will get you a little bit or more, they will destroy more or less, but there are some losses. These (energy, e.n.) companies are already part of the national critical system under the NIS Directive. By implementing such standards, there is practically a very clear responsibility of companies, of management, even a criminal responsibility. These are very high fines –fines from the GDPR can also be covered by cyber risk insurance if data leakage is caused by a cyber-attack. You took the necessary steps for security, that means you took some measures to prevent it”, mentioned Călin Rangu.

The ASF representative stressed that companies’ security systems should not be internally penetrable.

“It must generate benefits, otherwise you see it just as a cost generator. Cyber risks can damage you because of computer systems, but IT systems need to be a plus against to the costs they can generate. (…) We are talking about security, but it doesn’t matter if you buy firewalls and antiviruses, when the IT system is broken, when you have computer architectures which are not correlated, when you do not have a data management with a data quality, it doesn’t help having security solutions, because you secure something that is actually penetrable from the inside”, added the ASF director, Călin Rangu.

DigitALL 2021 was organized by Energynomics, in partnership with reputed organizations such as AHK Romania, CIO Council, BusinessMark with the support of our partners: ABB România, ACE – Industrial Software Solutions, Enevo Group, Safetech Innovations.