Skip to main content
What can we help you find?
main content, press tab to continue
Article | FINEX Observer

Client alert: Kill switches, solar panels and cyber insurance considerations

By Robert Barberi | May 28, 2025

The discovery of hidden kill switches in U.S. solar power inverters elevates cybersecurity concerns, raising key insurance considerations.
Subscribe
Cyber-Risk-Management-and-Insurance|Financial, Executive and Professional Risks (FINEX)
N/A

Cyber incidents impacting the energy and infrastructure industry have been firmly in focus since the Colonial Pipeline ransomware incident in May 2021. More recently, a ransomware attack impacting Halliburton in August 2024 put increased scrutiny on resilience to ransomware in this sector. However, putting ransomware aside, recent reports of the discovery of “kill switches” secretly implanted in solar panels in the U.S. have raised new fears of other potential tactics nation-state threat actors could deploy to sabotage electrical grids. This new exposure raises important questions pertaining to the role that the cyber insurance industry, and the larger insurance industry at large, could play when it comes to addressing this new, potentially devastating risk.

What happened?

Starting the second week of May 2025, several notable publications reported the discovery in the U.S. of cellular radios, reportedly manufactured by unknown Chinese companies, within solar power inverters.[1]According to a report published by The Times, the hidden equipment could be triggered remotely to shut down inverters, potentially sabotaging a large part of critical infrastructure in the U.S. and Europe. Over the course of the past several months, these cellular devices were apparently found in inverters, presumably allowing a threat actor to potentially physically destroy or shut down energy assets remotely[2].

Cyber insurance considerations

Based on the limited facts available, it’s premature to jump to conclusions in evaluating the extent of possible cyber insurance coverage. While policy terms and conditions can vary significantly from one policy to the next, it’s important to keep in mind the following coverage considerations with respect to a potential incident that could result:

  • Physical damage: Some reports show concern for the threat actor to cause physical damage which could result in ensuing physical business interruption.[3] As we often see cyber exclusions on property policies which could preclude coverage for physical damage caused by a cyber incident, it’s imperative to analyze these property policy coverage gaps and pursue coverage extensions on cyber policies when appropriate. The market appetite for physical damage coverage in the cyber marketplace is increasing and more robust solutions are available to address this coverage gap.
  • War exclusion: Practically all cyber policies (and all insurance policies in general) will include a war exclusion. However, there are dozens of different war exclusions circulating the marketplace, each offering varying degrees of coverage certainty for nation-state sponsored attacks. As this incident involves the potential for a nation-state threat actor, this provision in your cyber policy should be firmly in focus.
  • Infrastructure exclusion: Most infrastructure exclusions will exclude losses arising from widespread disruptions to infrastructure not under the insured’s direct control arising from a cyber incident. It’s important to restrict the scope of this exclusion where possible.
  • Covered computer systems: A close examination of the definition of Computer System or Network could be warranted to ensure ICS and SCADA systems are contemplated, as well as hardware or firmware not connected to the internet, intranet or VPN, such as the aforementioned implanted cellular radios.
  • Triggers for security breaches: Coverage will be triggered under most cyber policies by unauthorized access, the failure of security or the introduction of malware to a computer system or network. These triggers need to be evaluated closely to determine whether a threat actor implementing a kill switch on a piece of firmware surreptitiously inserted into a converter without the insured’s knowledge.

Furthermore, tailored coverage extensions can be negotiated to address other ensuing liabilities, such as claims for failure to supply brought by customers of power and utility operators and ensuing environmental liabilities. Willis’ team of cyber brokers and consultants can assist with assessing these specific risks, identifying coverage gaps and tailoring cyber policies to ensure companies are best positioned to manage these emerging risks.

Footnotes

  1. Chinese ‘kill switches’ found in US solar farms,
    Kill Switches Secretly Installed In Solar Panels,
    Rogue communication devices found in Chinese solar power inverters. Return to article
  2. Chinese ‘kill switches’ found hidden in US solar farms. Return to article
  3. China installs kill switches in solar panels sold to the West; here’s why it’s extremely dangerous and how Beijing could trigger a world war. Return to article

Disclaimer

WTW hopes you found the general information provided here informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, WTW offers insurance products through licensed entities, including Willis Towers Watson Northeast, Inc. (in the United States) and Willis Canada Inc. (in Canada).

Author

Robert Barberi
Senior Director, FINEX Cyber
email Email phone +1 617 351 7490
Related content tags, list of links Article FINEX Observer Cyber Risk Management and Insurance Financial, Professional and Executive Risks Energy Natural Resources

Related solutions

Cyber Risk Management and Insurance
Financial, Professional and Executive Risks

Related insights

See all insights
Survey Report
Insurance Marketplace Realities 2025 Spring Update – Cyber Risk
Article
Emerging AI exposures and the role of cyber and E&O insurance
Article
Client alert: Medical device manufacturer is the latest ransomware victim
Contact us