Written by Suzanne Smalley
May 18, 2022 | CYBERSCOOP
More water companies are finding they are uninsurable as ransomware attacks against the sector grow, water utility and association executives said Wednesday.
Insurers are increasingly requiring water utilities to meet stringent cybersecurity requirements to even consider insuring them, said Nick Santillo, the vice president for digital infrastructure and security at American Water, a public utility. These requirements include a strong secure access management program for protecting administrative credentials with privileged accounts, as well as endpoint detection and response tools.
“There are a lot of companies that have gone through their renewals and ended up either becoming uninsurable or have implemented some new controls in order just to get to the point of being insurable,” Santillo told an audience of water company executives gathered in Washington, D.C. for a National Association of Water Companies (NAWC) conference.
The scope of what insurers are covering is also narrowing as costs go up, said Kevin Morley, the manager of federal relations at the American Water Works Association.
CEOs of major insurance companies said last year that cyber insurance premiums sector-wide had spiked dramatically, with AIG’s chief executive saying rates increased by 40% while Chubb