Home > About the BWL > News > Cyber-attack on BWL resulted in $2.4 million cost largely covered by insurance

Cyber-attack on BWL resulted in $2.4 million cost largely covered by insurance

Contact: BWL Media Line | 517-342-1026

11/8/2016 7:40:00 PM

No utility services interrupted, no customer or employee information compromised

Peffley says $25,000 ransom was “distasteful and disgusting but sadly necessary”

The criminal cyber-attack against the Board of Water & Light last spring resulted in $2.4 million in costs that were largely covered by insurance, BWL officials said today. The costs were mostly used to pay for a cyber-emergency response team, restoration efforts and to make technology and other improvements aimed at reducing the chances of a future attack.

The costs included a $25,000 ransom paid to the criminals who launched the attack, a payment that BWL General Manager Dick Peffley termed “distasteful and disgusting but sadly necessary” to restore the BWL’s internal corporate communications systems.

In an update on the incident delivered today at the BWL Board of Commissioners Committee of the Whole meeting, utility officials indicated that the BWL has filed an insurance claim for $1.9 million, which includes $2 million in covered losses less the cyber policy’s $100,000 deductible.

The attack affected the BWL’s internal corporate communications systems. No electric or water utility services were interrupted, and there was no evidence that customer or employee information was compromised as the result of the April 25, 2016 incident.

In acknowledging that BWL paid a ransom, General Manager Dick Peffley said:

“We paid the ransom demanded by the cyber criminals who attacked our system so that we could unlock our administrative systems. Based on our discussions with cyber-security experts, law enforcement agencies, and other organizations who have also been the targets of these types of criminals, paying the ransom was distasteful and disgusting but sadly necessary, and was the only action we could take to ‘unlock’ our system and free it from the ransomware.”

“We’ve learned in the course of this incident that we are not alone as cyber-threats have impacted many organizations. In the meantime, the BWL has made a number of improvements to help prevent a future cyber incident.”

The $2.4 million included payment for a cyber-emergency response team, crisis management, system stabilization and restoration. It also included payment for mitigation and enhanced cyber-security personnel and technologies.

###