
By Kerry Westlake,
Head of Sales, Power and Renewable Energy
25/04/2025 · 6 minute read
From political uncertainty to supply chain disruption to the prevalence of cyberattacks, the transitioning energy sector confronts a multitude of risks, and often, these become intertwined. This landscape requires energy organisations to take a more comprehensive approach as they innovate to position themselves for success. To examine these risks and potential strategies, Marsh recently held a briefing, the highlights of which are summarised below.
In a changing world, the geopolitical assumptions that have traditionally shaped risk management strategies and decision-making are often based on a system that no longer exists. As a result, energy organisations must assess whether these assumptions remain valid and, if not, adjust their risk management approaches accordingly.
Additionally, during last year’s election "super cycle," some governments were elected, in part, due to their express promises to curtail certain policy aspects designed to support the energy transition, as these policies were perceived to be raising costs for voters in the shorter term.
While energy transition policies are still being implemented and opportunities for economic growth in this sector exist, ongoing uncertainty and instability are likely to persist. Changes to these policies, such as rollbacks or delays, may challenge businesses that have invested in compliance based on long-standing expectations. For example, Sweden recently rejected wind farm applications in the Baltic Sea, citing concerns about missile launch detection from Russia.
Other significant themes shaping the political risk outlook for 2025 include the divergence of central banks on monetary policy, increased government intervention focused on domestic interests and enhancing national sovereignty, and a shift towards a more transactional world order reflecting notable changes in international relations. Additionally, uncertainties surrounding investments and regulations as traditional fuel-based energy systems transition to more sustainable and renewable energy sources may continue to pose challenges.
Organisations can monitor these changes using Marsh’s World Risk Review, which evaluates risks across various countries, enabling informed decision-making about operations and investments in different regions.
Physical cyber risk could be one of the most significant uninsured liabilities on an organisation’s balance sheet, though the energy sector has been an early adopter of cyber physical damage insurance.
Unlike conventional cyberattacks, which typically require only network access and malware, a physical cyberattack necessitates engineering knowledge and a physical component to inflict actual damage. There is no "self-destruct" button in energy organisations; simply flipping switches and shutting valves is unlikely to cause physical damage.
However, while the shift from legacy analogue devices to digitally controlled equipment enhances operational efficiency, it also increases vulnerabilities. An attack on one piece of equipment can have impacts across multiple organisations.
A notable example is the Stuxnet virus, which destroyed centrifuges at an Iranian uranium enrichment facility. Despite the facility being air-gapped, attackers infected specific motors used to spin the centrifuges, leading to their destruction. This attack also infected tens of thousands of computers and devices worldwide that were unrelated to the Iranian nuclear industry.
Until recently, physical cyberattacks were primarily the domain of sophisticated state actors who developed these capabilities for deterrent purposes. However, these capabilities have spread to other state actors and criminal groups, who are using them for other purposes. Additionally, Russian cyberattackers have specifically targeted Ukraine’s energy sector and power grid. In future, they may shift their focus outward, using skills honed during the war, which could increase global physical cyber risk.
A decade ago, many organisations included coverage for physical cyber risk under their property insurance policies; however, the insurance market has since shifted to exclude cyber risk.
The good news is that the cyber insurance market has stepped in to fill this gap, offering products on either an exclusionary buyback or affirmative basis to address physical cyber risk. Marsh can conduct a gap analysis of your property programmes to identify and resolve these issues.
The energy sector is also a prime target for conventional cyberattacks, perpetrated by both state-sponsored and financially motivated threat actors. In 2024, the average cost of a data breach in this sector was estimated at US$5.29 million, surpassing the global average of US$4.88 million, and underscoring the complexity of these attacks and the need for substantial recovery resources.
Threat actors are increasingly targeting utilities; recent incidents include unauthorised access to a Massachusetts power utility for over 300 days, as well as breaches of other US critical infrastructure, suggesting that attackers are likely gathering information from other locations.
To prepare for potential cyber incidents, organisations should regularly test their incident response plans through tabletop exercises that involve board members and incident response teams, clarifying roles and responsibilities. Establishing clear communication protocols for incident responders is crucial, especially when internal systems are compromised. Marsh offers access to a secure communication platform called Cygnus to enhance communication during crises.
Sentrisk is an advanced AI-powered platform designed to transform supply chain risk management by tracing suppliers across multiple tiers — not just an organisation’s direct suppliers, but also their suppliers’ suppliers and beyond. In a complex piece of machinery, the highest supply chain risk may not stem from major components such as engines or bearings, but from smaller components like fasteners or screws. Sentrisk can uncover potential risks and disruptions within a supply chain, including those related to natural hazards, cyber threats, port delays, child labour, tariffs, sanctions, deforestation, and over-reliance on one supplier or location. It can assess how these factors could negatively impact a business, potentially leading to project delays and downtime, reputational damage, and shortcomings in sustainability practices.
This proactive approach enables companies to access reliable and detailed supplier information that can:
As a result of this platform, we have significantly enhanced the data provided to insurers, often leading to improved outcomes, particularly in contingency business interruption coverage for property renewal submissions.
The recently published UK Utilities Risk Report 2025 also reveals the interconnected nature of risks facing the energy sector, highlighting the need for improved risk preparedness.
Marsh provides bespoke insurance solutions that address interconnected risks and the unique challenges associated with your projects.
With our extensive energy industry expertise, we offer valuable market insights to empower clients to make informed decisions about project development, investment, and risk management.