The control room inside the Paks nuclear power plant in Hungary. Photo: Bloomberg/Contributor
Introduction
Obtaining cyber insurance is an option for organizations that are unable or unprepared to handle cyber risks by themselves. This may be because the expense of employing full-time staff dedicated to mitigating cyber risks is hard to justify, or because the risk cannot be quantified sufficiently well for the organization to be confident in assessing its response capabilities.
Several organizations in the civil nuclear sector currently ‘self-insure’ against technological accidents, insider threats to computer systems and information, and external hacking. Self-insuring involves setting aside internal funds and resources to cover risks, rather than contracting with an insurance company, and is a natural extension of the use of in-house information security and privacy teams. However, other options also exist for addressing cyber risks. This paper sets out a roadmap for how organizations in the civil nuclear sector can explore their options and review their cyber risk exposure.