American Water Works Falls Victim to Cyberattack
The U.S.’s largest regulated supplier of drinking water and wastewater services, American Water Works, announced on Monday that it was a victim of the latest cyberattack, in which the hackers had breached the company’s networks and systems, causing the loss of billing systems.
Discover the world's top
health insurers.
Compare quotes with
a click of the button.
What are the impacts of the cyberattack on the public and the company? How could such cases be better resolved by cyber insurance? This Pacific Prime article delves deep into the matter and aims to provide an extensive analysis of the case from an insurance expert’s point of view.
What Exactly Has Happened to American Water Works?
The New Jersey-based water company manages more than 500 water and wastewater systems in about 1,700 communities in 14 states and 18 military installations, affecting more than 14 million people in the country.
The company has taken protective steps after becoming aware of the unauthorized activities, including shutting down certain systems. There will be no late charges for customers while the online billing systems are unavailable. It was believed that the cybersecurity incident did not adversely impact facilities and operations, although the full impact is yet to be fully predicted.
The Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan had warned months ago that drinking water and wastewater systems are attractive targets for cyberattacks due to the “lack of resources and technical capacity to adopt rigorous cybersecurity practices”.
Shares of the company lost $.58, or 3.9%, to close at $136.99, leaving it a market capitalization of $26.69 billion.
Takeaway from the American Water Works Cyberattack
This incident, affecting a critical infrastructure provider responsible for serving millions of people, underscores the far-reaching implications of cyber risks and the urgent need for robust risk management strategies.
As businesses across all sectors grapple with similar vulnerabilities, there are several crucial lessons to be gleaned from this event that help organizations better prepare for, mitigate, and respond to cyber incidents:
- Cyber risk is pervasive: The attack on American Water Works demonstrates that no organization is immune to cyber threats, regardless of size, sector, or perceived importance. Even large, critical infrastructure providers with presumably sophisticated security measures can fall victim to cybercriminals.
This reality should prompt all businesses to regularly assess their digital footprint, identify vulnerabilities, and implement multi-layered security measures to protect against a wide range of potential threats.
- Importance of incident response planning: American Water Works’ swift action to shut down systems and notify law enforcement showcases the value of having a well-prepared incident response plan. The ability to act quickly and decisively in the face of an attack can significantly reduce the impact and associated costs.
Such plans should be comprehensive, regularly updated, and rehearsed through simulations. They should outline clear roles and responsibilities, communication protocols, and step-by-step procedures for containing and mitigating various types of cyber incidents.
- Business interruption risks: The company’s stated inability to fully predict the impact of the attack highlights the potential for significant business interruption. This underscores the need for comprehensive cyber insurance with robust business interruption coverage.
Such coverage can help offset lost income, extra expenses, and other financial impacts resulting from system downtime or compromised operations.
Create a Better Cyber Environment for Your Company
Different industries face unique cyber threats and potential impacts. Businesses should work with cybersecurity experts and property and casualty insurance professionals who understand their sector’s specific risks to develop targeted protection and coverage strategies.
At Pacific Prime, we have a team of corporate insurance experts who have over 20 years of experience in designing innovative and customized insurance solutions for businesses of all sizes. Rest assured that you will get a tailored insurance risk and gap analysis of your company so we can come up with a strategy that works best for your needs and budget.
We have helped clients who seek cyber insurance with:
- Assessing their current cybersecurity measures
- Reviewing and updating their incident response plans
- Evaluating their cyber insurance coverage to ensure it’s adequate for their risk profile
- Investing in employee training to improve overall cyber resilience
Contact our expert advisors to get started now!
Since joining Pacific Prime, Eric was exposed to a new world of insurance. Having learned about insurance products extensively, he has taken joy and satisfaction in helping individuals and businesses manage risks and protect themselves against financial loss through the power of words.
Although born and raised in Hong Kong, he spent a quarter of his life living and studying in the UK. He believes his multicultural experience is a great asset in understanding the needs and wants of expats and globe-trotters.
Eric’s strengths lie in his strong research, analytical, and communication skills, obtained through his BA in Linguistics from the University of York and MSc in Teaching English to Speakers of Other Languages (TESOL) from the University of Bristol.
Outside of work, he enjoys some me-time gaming and reading on his own, occasionally going absolutely mental on a night out with friends.
Comments
Comments for this post are closed.
We'll notify you
when our team replies!