Business Blackout - the insurance implications of a cyber attack on the US power grid

By Lloyd's and the University of Cambridge Centre for Risk Studies

“A trusted component or system is one which you can insure.” (Ross J Anderson, “Liability and Computer Security: Nine Principles”, ESORICS 1994, p.244)

“A trusted component or system is one which you can insure.” (Ross J Anderson, “Liability and Computer Security: Nine Principles”, ESORICS 1994, p.244) 


Business Blackout, a joint report by Lloyd’s and the University of Cambridge’s Centre for Risk Studies, considers the insurance implications of a cyber attack on the US power grid.

While there have been large individual business losses attributed to cyber attacks, there have, at the date of writing, been no examples of catastrophe-level losses from a widespread cyber attack affecting many companies and insurers at the same time. 

This report publishes, for the first time, the impacts of this sort of attack using the hypothetical scenario of an electricity blackout that plunges 15 US states including New York City and Washington DC into darkness and leaves 93 million people without power. The scenario, while improbable, is technologically possible and is assessed to be within the benchmark return period of 1:200 against which insurers must be resilient. 

The scenario predicts a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail and chaos to transport networks as infrastructure collapses. 

In the scenario, a piece of malware (the ‘Erebos’ trojan) infects electricity generation control rooms in parts of the Northeastern United States. The malware goes undetected until it is triggered on a particular day when it releases its payload which tries to take control of generators with specific vulnerabilities. In this scenario it finds 50 generators that it can control, and forces them to overload and burn out, in some cases causing additional fires and explosions. This temporarily destabilises the Northeastern United States regional grid and causes some sustained outages. While power is restored to some areas within 24 hours, other parts of the region remain without electricity for a number of weeks. 

Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario. 

The report also analyses the implications of these direct and indirect consequences on insurance losses. The total of claims paid by the insurance industry is estimated at $21.4bn, rising to $71.1bn in the most extreme version of the scenario. One of the important considerations identified by this report for insurers is the wide range of claims that could be triggered by an attack on the US power grid, revealed in the matrix in Figure 4 at page 40. 

The scenario in this report describes the actions of sophisticated attackers who are able to penetrate security as a result of detailed planning, technical skill and imagination. A relatively small team is able to achieve widespread impact, revealing one of the key exposure management challenges for insurers. However, the report also describes the constraints faced by the attackers, and shows that insurers should not believe this type of threat to be unlimited in its potential scope. 

Claimant types

Insurance payments from the scenario would likely apply to six primary categories of claimant: 

1. Power generation companies

  • Property damage to their generators.
  • Business interruption from being unable to sell electricity as a result of property damage.
  • Incident response costs and fines from regulators for failing to provide power. 

2. Defendant companies

  • Companies sued by power generation businesses to recover a proportion of losses incurred under defendants’ liability insurance.

3. Companies that lose power – companies that suffer losses as a result of the blackout.

  • Property losses (principally to perishable cold store contents).
  • Business interruption from power loss (with suppliers extension).
  • Failure to protect workforces or causing pollution as a result of the loss of power. 

4. Companies indirectly affected – a separate category of companies that are outside the power outage but are impacted by supply chain disruption emanating from the blackout region.

  • Contingent business interruption and critical vendor coverage.
  • Share price devaluation as a result of having inadequate contingency plans may generate claims under their directors’ and officers’ liability insurance. 

5. Homeowners

  • Property damage, principally resulting from fridge and freezer contents defrosting, covered by contents insurance. 

6. Specialty

  • Claims possible under various specialty covers, most importantly event cancellation. 

Key findings

  • Responding to these challenges will require innovatation by insurers. The pace of innovation will likely be linked to the rate at which some of the uncertainties revealed in this report can be reduced.
  • Cyber attack represents a peril that could trigger losses across multiple sectors of the economy.
  • A key requirement for an insurance response to cyber risks will be to enhance the quality of data available and to continue the development of probabilistic modelling.
  • The sharing of cyber attack data is a complex issue, but it could be an important element for enabling the insurance solutions required for this key emerging risk.


The cyber attack scenario in this report shows the broad range of claims that could be triggered by disruption to the US power grid. This poses a number of complex challenges for insurers, which would need to be addressed if insurers are to more accurately assess cyber risk and develop new cyber insurance products. Nevertheless, insurance has the potential to be a valuable tool for enhancing the management of, and resilience to, cyber risk. 

Lloyd’s conclusions 

A cyber attack of this severity is an unlikely occurrence, but we believe that it is representative of the type of extreme events that insurers should assess in order to understand potential exposures. One of the key features of cyber risk brought to life by the scenario is the broad reach of a major event: insurers should consider cyber attack to be a peril that could trigger a wide range of economic losses. 

Cyber risk is already an embedded feature of the global risk landscape, and insurance has the potential to greatly enhance cyber risk management and resilience for a wide range of organisations and individuals who are exposed to its impacts. Nevertheless, the likelihood and impact of severe events remain subject to much uncertainty, and the pace of insurance innovation should be linked to the rate at which this uncertainty can be reduced. 

This report also reveals the vital contribution of research and analysis in reducing uncertainty concerning cyber risk. Data will be a key factor for enabling further analysis and the development of models to enhance the understanding of cyber risk. The systemic, intangible, constantly evolving nature of cyber threats presents significant challenges for gathering the data required to achieve accurate quantification of the risk for insurance portfolios which could span the global economy. A key mechanism, therefore, by which any insurance or research organisations might be able to achieve the insight needed to capture the full extent of the risk could be enhanced data exchange. 

The sharing of cyber risk data is a challenging undertaking involving many complex issues. Examples of sharing arrangements for cyber attack data are already in operation around the world, and these offer the promise that much can be achieved. However, the scale of event described in this report reveals the very wide scope of data that insurers require in order to reduce uncertainty concerning severe events. The sharing of insurance loss data attributable to cyber events among insurers could contribute to this, but this is unlikely to be sufficiently comprehensive in isolation to accurately assess extreme events spanning the full spectrum of threat and every economic sector. Voluntary sharing of cyber attack data, involving a wide range of parties with an interest in developing resilience to cyber attack, offers the most promise for enabling the insurance required to meet this key emerging risk.

Posted on July 8, 2015 and filed under Cyber, Lloyd's, Emerging Risk.