09 May 2018

Joint Rig Committee launches oil and gas cyber risk report

The LMA and IUA has published its inaugural Joint Rig Committee (JRC) report, ‘Upstream Oil and Gas Cyber Risk – Insurance Technical Review’. This publication will provide the Lloyd’s and London insurance market with the background, threats and practical measures being implemented to reduce risk related to cyber threats in the upstream oil and gas industry. 

The report, which resulted from a workshop of senior oil and gas underwriting leaders, cyber experts and specialists from various technical disciplines (safety, instrumentation, process engineering, etc.), identifies systemic vulnerabilities in the design of oil and gas platforms and states that the periods of greatest vulnerability for these installations are during the project phase and when patches are applied to operating systems. 

Other key topics and findings in the first report include:

  • existing upstream facility design parameters may be invalid or insufficient against cyber risk
  • as assets age, if design protections are not maintained, cyber-related systemic risk increases
  • support systems, which are typically sourced from lower tier vendors with fewer cyber risk management capabilities, may be vulnerable
  • operations systems increasingly interact with existing IT infrastructure which require frequent updating, increasing the risk of malware being introduced via an update
  • Segregation/Zoning is an important factor in reducing risk.

The report recommends that a change in approach to the design of these industrial facilities is required to adequately control major accident hazard risk that may arise from cyber related scenarios. Additionally, that further work, on a facility by facility basis, is required to assess the exposures and vulnerability to cyber events that might give rise to large systemic losses.

James Straker-Nesbit, Senior Technical Executive, LMA said: “I am pleased to announce the launch of the first Joint Rig Committee cyber report. This report aims to inform market practitioners of evolving cyber exposures within the offshore oil and gas market and provide an up-to-date analysis via an accessible resource, detailing the frequency and severity of past attacks so members are able to address risk factors.”

The report’s author, Francis Lobo, Head of Oil & Gas Engineering, Canopius commented: “The threat landscape in the virtual world is continuously changing. Oil and gas companies are lucrative targets for cyber attackers motivated by industrial espionage, theft of intellectual property or engaging in indiscriminate criminal activity involving blackmail and ransom demands. These companies need to raise awareness of the risks across the board, with senior management encouraging active participation of all staff to eliminate the risk as much as practicable.”


- ENDS –

Notes to Editors

For further information please contact:

James Milne, Head of Communications
Lloyd’s Market Association
T 020 7327 8405

About the Lloyd’s Market Association (LMA)

Formed in 2001 and located in the heart of the Lloyd’s Building in the City of London, the Lloyd's Market Association represents the interests of the Lloyd’s underwriting community. All underwriting businesses at Lloyd’s are members, together managing gross premium income of around £32billion per annum.