[Updated] New York ISO: $5M Cyber Insurance Effective December 1
UPDATED – December 3, 2018
The data security agreement (DSA) requires ESCOs to hold cybersecurity insurance in the amount of $5 million per cybersecurity incident. The requirement is effective December 1, 2018, and is a change from an original proposal of twice as much cyber insurance.
The DSA was forged in response to an order instituted by New York’s Public Service Commission in June as part of a broader initiative to establish firmer cybersecurity guidelines within the energy industry. The initiative is driven by recent cybersecurity incidents that the Commission believes warrant stronger cybersecurity protections to be in place.
The insurance requirement is part of the broader DSA governing how information is exchanged between utilities and energy service entities (ESEs), including ESCOs. More information on the cybersecurity situation and most recent DSA in New York can be found here.
The required $5M cyber liability insurance from New York ESCOs creates a lower barrier to entry than the original $10M per occurrence requirement. However, Staff and the Commission’s failure to consider whether cyber liability insurance is the right policy tool, the “SWAG” as to the right amount of insurance required, and the adoption of a “one size fits all” approach highlights the leadership failure in New York.
The Empire State could have been a leader in establishing well-reasoned cyber security policy in the retail energy space, but the rush to get to an answer right now rather than the right answer created a solution in search of a problem.
*Insight provided by Phillip Golden and reflects his views and not necessarily those of Energy Pages or its Staff.