Article by Ross Kiddie, Sr. BESS Risk Manager for Renewable Guard
As we live through the transformation brought about by technological advancements in North America’s power grid, the importance of energy resilience and cybersecurity risks is becoming increasingly significant. This concern extends beyond grid operators and regulators; risk managers and insurers are now also faced with the challenge of managing these evolving risks. Traditional energy insurance products, which were historically focused on physical perils, are being redefined to include cyber insurance that addresses data breaches and digital disruptions. Today, these two areas are interconnected, as modern grid vulnerabilities encompass both physical and digital threats. Insurers are now operating in a world where extreme weather events, cyberattacks, and system interdependencies increasingly interact. In this shifting landscape, Renewable Guard brings specialized expertise across renewable energy, cyber risk, and a comprehensive insurance platform to help organizations stay resilient and well-protected.
The rapidly changing energy risk environment is reshaping how the energy sector approaches insurance, risk transfer, and resilience investment, underscoring the urgent need for adaptation.
A Grid Under Stress: Extreme Events Are Increasing in Scale and Complexity
The grid has always faced threats from natural disasters such as hurricanes, tornadoes, ice storms, hailstorms, extreme heat, and wildfires. What has changed is the frequency, intensity, and geographic unpredictability of these events, adding a new layer of complexity to the grid’s risk landscape.
For insurers and renewable energy asset owners, this means that high-impact, low-frequency events are no longer outliers, a trend that is driving updates in underwriting assumptions, risk modeling, capital reserves, and premium structures. Policies tied to business interruption, property loss, and operational liability must now reflect the reality that extreme events are both more likely and more widespread.
Cyber Risk Expands as the Grid Digitizes
At the same time, the grid is becoming dramatically more interconnected and digital. Inverter-based resources (IBRs), battery storage systems, distributed energy resources (DERs), smart meters, sensors, telecom communication networks, cloud-based SCADA systems, and AI-enabled analytics create operational sophistication, but also a significantly expanded cyber-attack vulnerability exposure.
This shift increases exposure to:
- Coordinated cyberattacks on transmission, distribution, and communication networks.
- Targeted malware attacks on operational technology (OT)
- Coordinating attacks coinciding with extreme natural events, amplifying impacts
- Supply chain compromises involving critical components.
- AI-assisted intrusions used by adversaries.
Incidents like the April 2025 Nova Scotia Power ransomware attack that compromised sensitive customer data belonging to approximately 280,000 customers highlight the reality that even relatively simple attacks can cause real-world electricity disruptions.
Cyber insurers, meanwhile, can face mounting losses tied to ransomware, OT breaches, and cascading impacts across critical infrastructure. According to the National Renewable Energy Lab (NREL), 71% of energy professionals in 2025 say their organizations face greater vulnerability to OT cyber incidents than ever before, up from 64% in 2023. [nrel.gov]
Converging Threats: Where Energy and Cyber Insurance Now Overlap
Historically, insurers separate energy risk (physical damage, natural events) from cyber risk (digital compromise). But the modern grid blurs these boundaries:
- Wildfire may knock out communications and control networks, delaying recovery.
- A cyberattack during severe weather/high load requirement conditions reduces generation availability, causing load loss and potential grid problems.
- Digital controls on modern technologies— inverter-based resources and storage create cross-domain vulnerabilities.
- Interdependence with other networked systems, such as natural gas, telecommunications, water, transmission and distribution, and cloud providers, introduces shared failure modes.
This convergence is causing insurers to rethink how to model risk correlation and accumulation. For example, a single catastrophic event may generate simultaneous claims under property coverage, cyber coverage, business interruption, and even environmental liability lines. This complexity underscores the need for insurers to develop innovative solutions to effectively manage and mitigate these risks.
Conclusion: Insurance Supports Greater Grid Resilience
North America’s power grid is experiencing a period of increased vulnerability. Unprecedented complexity arises from extreme natural disasters, evolving digital threats, interconnected infrastructures, and swift technological changes, making the current risk environment more challenging than ever before.
Energy and cyber insurance, once separate silos, must now evolve together. Insurers, grid operators, regulators, and policymakers all share responsibility for ensuring that risk is understood, priced, mitigated, and transferred appropriately, highlighting the crucial role of each stakeholder in this collective effort.
Robust resilience is now an economic priority, not just an operational or engineering goal. Insurance can serve as a powerful mechanism to promote investments in resilience and support recovery when disasters strike, but only if it keeps pace with the grid’s technological and climatic realities. Keep on the lookout for Renewable Guard’s upcoming list of documentation and recommendations to address these new cyber challenges.
