Polish grid attack reveals cyber-insurance gap for battery storage - pv magazine Global

A 2025 cyberattack affecting roughly 30 renewable energy sites in Poland has sharpened insurer focus on battery energy storage system (BESS) risk, highlighting a coverage gap at the intersection of cyber and property policies.

cybersecurity incident affecting approximately 30 wind and solar sites across Poland on Dec. 29, 2025, provided underwriters with a real-world example of an attack pathway against distributed renewable assets to assess rather than model.

The cybersecurity incident involved malicious activity affecting communications infrastructure and control systems at distributed energy sites, reducing or disrupting visibility between generation assets and distribution system operators. Generation was not directly manipulated. At a wind or solar site, that distinction has operational significance. For battery storage, it matters less – because the control layer exposed to an attacker is also the layer governing cell safety.

“The attack pathway demonstrated in Poland – compromise of internet-facing edge devices, absent multi-factor authentication, and reused credentials, therefore leading to access to remote terminal units, protection relays and operator interfaces – was already understood to be feasible,” said Tom Dryden, partner and head of cyber Europe at McGill and Partners. “What that example provided was confirmation that a capable actor will pursue that pathway against distributed assets and will do so with destructive, rather than just financial, intent.”