Ransomware attacks against water utilities pose insurance risk

CyberScoop reports that increasingly prevalent ransomware attacks targeted at the water industry have prompted greater insurance challenges for water companies. Water utilities are being asked to keep up with stricter cybersecurity requirements including endpoint detection and response systems, as well as robust secure access management programs by insurers, according to American Water Vice President for Digital Infrastructure and Security Nick Santillo. "There are a lot of companies that have gone through their renewals and ended up either becoming uninsurable or have implemented some new controls in order just to get to the point of being insurable," said Santillo at a National Association of Water Companies conference. Meanwhile, NAWC President and CEO Rob Powelson also noted the severity of the insurance crisis befalling water firms. "The insurance markets cant sustain paying for these ransomware attacks over time. Your average ransomware attack is running between $5 to $8 million... What if you have four of them within one fiscal year? How can an insurer in good conscience be able to make those payments?" said Powelson.