Proactive indemnification for security risks

29 June 2018

Cover can now be offered to our clients for an insurance policy that triggers on suspicion or imminence of a loss. The policy pays for the policyholder’s suspicions to be investigated, prevented and/or remediated.

This cutting edge product offers pre-emptive and reactive indemnified access to the world’s leading and most experienced security advisors to assist in the investigations, analysis and crisis response to any given security incident or threat globally. Critically, these indemnified services can be called upon by the Insured, not only in the event of an incident occurring but on suspicion or imminence of an incident.

This therefore allows your organisation to access the professional security consultants to support you in preventing and mitigating risks across a wide range of security perils prior to the incident actually occurring, which immediately reduces business down-time in dealing with the crisis, eliminates reputational and litigation risks, and avoids potential insurance claims across a client’s insurance portfolio.

Security risks impacting the Energy sector specifically are diverse and ever-changing thus challenging risk managers and security teams to ensure they have the right processes in place. Whether it is a cyber compromise via a phishing email, server or data network hack, criminal risks such a fuel theft, murder or active shooter, political risks posed by governments such as potential contract frustration or asset confiscation, political violence or terrorism threats from local criminal groups impacting pipelines or infrastructure, all of these risks can detrimentally impact a company’s reputation, integrity, balance sheet, share price and workforce.

CONSIDERATIONS

Information Risks

  • The oil and gas industry in the United States faces a number of cyber risks. In April 2018, a cyber-attack targeted a shared data network, resulting in 4 natural gas pipeline operators suspending communication with customers. The intended target was Latitude Technologies, a Texas-based firm that provides data-sharing services for the oil and gas industry. No suspect has been identified, although the attack would fit with reports that Russia is targeting US critical infrastructure in cyber-attacks. Attacks that target company data on exploration technologies are also possible in the future.
    Source: New York Times 4th April 2018
  • The oil and gas sector also faces a risk of cyber compromise as a result of phishing emails. A report by security firm Symantec in 2017 revealed that a group known as ‘Dragonfly’ had used spear phishing emails and Trojan software to attack the energy sector in the USA, Switzerland and Turkey. Phishing emails contained information specific to the sector to lure employees to open attachments, which leaked data and credentials. The motivation for these attacks appears to be both sabotage and intelligence gathering, and a state actor was likely responsible.
    Source: www.symantec.com/blogs/threat-intelligence/dragonflyenergy-sector-cyber-attacks
Criminal Risks 
  • Criminal risks generated by drug cartels in Mexico are diverse and staff located in the country will be exposed to the risk of murder, assault and abduction. Murder rates are particularly elevated in Mexico. 29,168 murders were reported in 2017 a 127% increase from the previous year [source: The Guardian 21 January 2018] Risks are concentrated in Baja California, Chihuahua, Estado de Mexico, Guanajuato, Guerrero, Michoacán, Sinaloa, and Veracruz states. Violence is driven by a growing number of turf wars, as drug cartels splinter into smaller groups. Whilst foreign nationals are less likely to be directly targeted in violence, there remains a collateral risk from gun violence.
  • Fuel theft by criminal organisations in Mexico remains a risk. State-run firm Pemex stated in March 2016 that around 23,500 barrels per day were lost from its network due to illegal siphoning of oil [source: www.pgitl.com/explore/article/mexico-fuel-theft-to-increase-costs-for-foreign-investors]. This amounted to an annual loss of USD 1.2 billion. There is also growing evidence to suggest that criminal groups have the capabilities to siphon natural gas from pipelines.
  • The easy availability of firearms in the USA makes active shooter incidents a particular risk in workplaces. According to the Federal Bureau of Investigations, of 160 active shooter incidents that occurred between 2000 and 2013, over 80% occurred in the workplace. Of these, 73 incidents occurred in businesses, resulting in the deaths of 210 people. 34 of these incidents were perpetrated by current or former employees, whilst 8 involved relations of an employee Source: www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/fbi-active-shooter-work.aspx

Political Risks

  • Presidential elections on 1 July 2018 have the potential to increase political risks for oil and gas companies operating in Mexico. Left-wing candidate Andrés Manuel López Obrador has vowed to reverse a programme of energy sector liberalisation introduced by outgoing president Enrique Peña Nieto. This would include a review of contracts awarded by the current administration, potentially leading to licence cancellations or revocations.

Extortive Crime

  • In recent years, drug cartels in Mexico have turned to express kidnapping and extortion as a source of revenue. There were 1,390 cases of kidnapping reported in 2017, a 22.9% increase on 2016 [source: www.aig.dk/content/ dam/aig/emea/denmark/documents/k-r-trends2017-nya. pdf]. However, the official number is likely to be much higher as an estimated 98% of kidnappings go unreported. The highest risk states are currently Veracruz, Tamaulipas, Estado de Mexico and Guerrero. Workers in the extractive industry have been targeted by cartels. Over 50 Pemex employees have been kidnapped in the last 10 years. As the industry opens up to foreign investment, foreign nationals are likely to be increasingly affected.
  • Individuals working in the oil and gas industry, particularly in remote locations, will face extortive crime risks in Colombia, where the Ejército de Liberación Nacional (ELN) has refused to abandon kidnapping. Personnel working for oil companies in Arauca and Norte de Santander will face the most significant risk. The ELN often holds foreigners for a prolonged period of time whilst demanding a ransom. In January 2018, the ELN kidnapped an Ecopetrol contractor from an office in Saravena. It is not currently clear if the victim has since been released or if a ransom has been demanded [source: http://www.financecolombia.com/elnguerrilla-group-kidnapping-ecopetrol-contractor].
Terrorism 
  • Demobilisation of the Fuerzas Armadas Revolucionarias de Colombia (FARC) has reduced the overall terrorism risk facing oil and gas companies in Colombia. However, the ELN continues to pose a high risk of improvised explosive device (IED) attacks on pipelines and infrastructure. A ceasefire between the government and the group ended in January 2018, and the ELN resumed attacks. Hydrocarbon assets in Antioquia, Arauca, Atlántico, Bolívar, Chocó, Nariño, and Norte de Santander are at particular risk.
  • In 2018, there are likely to be a growing number of protests by local communities against the hydrocarbon industry in Colombia, which will generate business interruption, property damage and injury risks. In June 2017, protests by the Alto Unuma indigenous community resulted in a suspension of operations at the Rubiales field, as protesters occupied the site. This caused a drop in production of 9,500 barrels a day [source: Reuters]. Similarly, in May 2017, protesters at Ecopetrol’s Castilla and Chichimene projects burned a vehicle and damaged pipeline valves.
  • Protest risks in the US are generated by right-wing organisations and counter-protests by left-wing groups. Such incidents are unlikely to directly target companies operating in the oil and gas sector, although clashes between rival protesters can generate collateral property damage and injury risks for bystanders. Incidents of alleged police brutality are also likely to result in protests by the Black Lives Matter movement. Such incidents may involve road blockades or rioting, generating further collateral property damage risks for companies.
Due Diligence Activist Cyber

Tick Box A

  • 24/7 access to a global security centre with 41 specialist
  • teams in 36 offices worldwide
  • Expert consultant(s) deployed to your corporate HQ and/ or the location of the event to provide immediate support in handling the potential crisis event
  • Security personnel or protection team deployed as required
  • Assistance in establishing a crisis management team at your HQ and an incident management team in the country where the event took place
  • Security profiling of perpetrators
  • Investigation services
  • (Digital) Forensic examination
  • Stakeholder analysis
  • Protection of critical assets
  • Security reviews
  • Surveillance and counter-surveillance
  • Security awareness training
  • Technical surveillance counter measures
  • Production of Initial Position Report or Threat Assessment
  • Report
  • Negotiation and strategy support and training
  • Analysis and advice on communications
  • Identification of legal obligations and liabilities
  • Liaison services with interested parties (law enforcement,
  • government officials, families of victim(s))
  • Media planning
  • Victim de-briefing
  • Personnel impact assessment
  • Post-event analysis and de-brief report

Tick Box B

  • It provides a simple, robust mechanism to access technical, analytical and response expertise on demand
  • Eliminates a company’s financial volatility in responding to unpredictable events
  • Compliments a company’s existing security and business continuity function, providing bench-strength and additional resource
  • Builds resilience through resource and pre-event mitigation
  • Enables business continuity, ensuring that a company has the correct resources immediately on hand when needed

Event Chart

Download Energy Newsletter

If you require any further information, please contact John Cooper, Managing Director on +44 (0)20 7466 6510 or email john_cooper@jltgroup.com.

YOU MAY ALSO BE INTERESTED IN