Markets/Coverages: Chaucer Offers Nuclear Power Stations Insurance for Cyberattacks

November 6, 2024

Chaucer has launched a new nuclear insurance policy that provides nuclear power plants (NPP) with insurance cover for cyberattacks.

Called CyNuC, the malicious act cyber insurance policy was developed specifically by Chaucer’s Lloyd’s Syndicate 1176 in conjunction with the insurer’s cyber team.

The policy will have a maximum aggregate limit of US$25 million and be limited to operating systems. It is offered in the US and globally. The policy can be extended to include potential business interruption following actual physical damage sustained and malware introduced to the operating systems within the policy period.

While current insurance policies for nuclear power only cover physical damage like fires caused by a “cyber incident,” Chaucer’s new policy goes beyond current protection to cover specific malicious and criminal acts – offering coverage of security failure, incident response and business interruption as well as physical damage sustained.

Michael Dawson

“We are pleased to have developed this product building on the Chaucer Cyber expertise together with the Syndicate 1176’s nuclear experience,” commented Michael Dawson, active underwriter of Chaucer in a statement. “We believe this will be a useful additional coverage for nuclear operators who have had limited insurance cover against malicious cyberattacks on nuclear power plants. The product has been designed to cover to cover for a broad range of loss, following a malicious cyberattack, including business interruption.”

The worrying rise of cyberattacks on nuclear power operators has become of significant concern due to the critical role this infrastructure plays in national security and the economy, Chaucer said, noting that the nuclear industry is acutely aware of the risks posed by cyber threats.

Disruption, damage, and general cyber vulnerabilities make nuclear power plants a prime target for malicious actors. Their critical role in national security and public safety necessitates stringent cybersecurity measures to prevent catastrophic outcomes.

More Details of CyNuC

CyNuC has been designed to cover the specific malicious “Cyber Act” and indemnify insureds for a broad range of possible losses. “Cyber Act” refers to an unauthorized, malicious, or criminal act involving access to, processing of, use of or operation of any computer system.

Additional elements of the coverage offered include:

  • Physical damage – repair of equipment and assets
  • Data breach and incident response
  • Sector specific cyber specialists to the corporate systems to control the cyberattack
  • Indemnity where cyberattack causes the business to shut down, leading to a business interruption/loss of revenue claim
  • Security failure, reputation management, additional media costs and digital asset restoration.

Enhancing Existing Nuclear Offering

Chaucer’s product enhances Chaucer’s nuclear offering by tapping into its existing cyber expertise and working with the broader insurance market to access greater capacity and distribution to all those clients with a real need for this product.

The product is developed through the UK nuclear pool – Nuclear Risk Insurers Ltd. (NRI) – which have nuclear expertise and established nuclear relationships. Chaucer Syndicate 1176 is the leading member of NRI.

Chaucer’s Cyber Centre of Excellence works collaboratively with the insurer’s energy, property and marine divisions to develop bespoke insurance solutions. It provides specialist cyber services including security training and awareness sessions for clients who wish to make their cyber security practices more robust.

Claims Management

Chaucer’s real-time incident response utilizes the company’s existing in-house cyber claims team. Insureds receive specialist advice on crisis management, incident response, software adjustments and replacements, cleansing, reinstatement and reprogramming. Chaucer’s cyber team also maintains a close relationship with third party cyber insurance claims experts to ensure incident response is as efficient as possible.

In the event of a malicious attack during the policy period to the operating systems during which physical damage occurs, the policy is expected to pay out in full due to the likely closure of the plant, while remedial action and testing takes place.

Once a claim is established, Chaucer works with co-insurers to make a speedy and efficient payment of loss.

CyNuC does not cover the following:

  • The policy does not cover voluntary shutdown or shutdown to the operating systems resulting from regulatory intervention, unless such a shutdown is made as a result of actual physical damage or as a result of proven malware being introduced during the policy period, where such malware compromises the nuclear safety systems of the operating NPP.
  • War and hostile state sponsored action is excluded. The policy includes war exclusion LMA 5567A/B (type 3).
  • There are limitations and exclusions in respect of external factors such as suppliers, damage to the grid network, and interruption of critical infrastructure outside of the client’s operation.
  • There are deductibles incorporated for non-business interruption loss of US$1 million each loss and 48 hours for business interruption loss.

Chaucer is a member of the China Re Group, one of the world’s largest reinsurance companies, which is rated A (excellent) by AM Best and A (strong) by S&P Global Ratings.

Was this article valuable?

Here are more articles you may enjoy.