The new policy covers owners and operators in any circumstance where the ability to generate power — and the revenue associated with power generation — is affected by a cyber attack.
In practice, this could mean loss of revenue and expenses incurred due to destruction of digital assets, loss of use or theft of import SCADA (supervisory control and data acquisition) data, reputational harm and cyber extortion.
Cover can also be extended to include an attack on assets not actually owned by the policy owner: damage to a third-party substation or to transmission infrastructure that prevents the export of power, GCube stated.
To date, the bulk of cyber and ransomware attacks in the energy sector have targeted conventional generation infrastructure.
But with renewables supplying an increasing proportion of electricity to domestic grids worldwide, clean energy projects are becoming an equally prominent target, GCube warned.
It added that annual losses caused by cyber attacks worldwide total an estimated $64 billion.
The new offering is the first of its kind in the renewable energy sector, the underwriter claimed.
It launched the policy at the GCube Advisory Council meeting in Austin, Texas — a biannual gathering bringing together senior insurance and risk management executives from the North American renewable energy sector.
"In the renewables market, the benefits of ‘big data’ and interconnectivity in driving operational efficiency are well-established," said Fraser McLachlan, CEO at GCube.
"But there is an underlying risk that this increasing digitalisation makes the industry a more obvious target for cyber crime.
"Thus far, the wind and solar markets have avoided a major incident, but research efforts by cyber security experts show just how easy it could be for hackers to bypass IT security mechanisms and gain control of, or otherwise influence, the operation of a wind or solar facility," McLachlan added.
At the American Wind Energy Association’s Windpower 2018 conference in May, senior technical advisor for energy and power at UL, Bruce Bailey, told Windpower Monthly cyber security attacks on wind farms were "inevitable".
He added that there had already been several deliberate attacks targeting wind farms, as well as some inadvertent cyber security issues created for project owners.
Wind power projects are increasingly connected, via the internet, to their owner, possibly the OEM and certainly an operations and maintenance (O&M) provider, Bailey added.
He also said smart grids are a two-way system with many points of entry for cyber criminals.
Cyber attacks can cause loss of production and revenue, as well as injuries to staff or bystanders, damage to equipment or an owner’s reputation, and regulatory fines.