قالب وردپرس درنا توس
Home / Insurance / Cyber ​​insurance companies are facing real Ukraine war-related demands

Cyber ​​insurance companies are facing real Ukraine war-related demands



(Reuters) – Insurance companies face potential multibillion-dollar claims for cyberattacks related to Russia’s invasion of Ukraine, despite policy formulations designed to get them off the hook for war, industry sources say.

Following the February 24 attack on Ukraine and Western sanctions on Moscow, the US government said last week that it had seen “preparatory” Russian hacking activity targeting a large number of US companies, although they said it was “not certain” that a such an attack would occur.

Western financial regulators have already warned banks of the risks of cyberattacks, but none have been confirmed so far.

US and European insurance companies, which are already facing increasing losses over the past year, have pushed up premiums due to the increased cost of coverage and the prevalence of ransomware attacks.

If Russia carries out a major cyberattack that spreads to several countries, it could lead to claims totaling $ 20 billion or more, similar to insurance claims from a major U.S. hurricane, industry sources say on condition of anonymity.

This is because insurance companies also suffer losses related to the conflict in other business sectors such as aviation, which is seen as particularly vulnerable to the effects of what Russia calls a “special military operation”

; to disarm Ukraine.

Lloyd’s of London, one of the world’s largest players in cyber insurance and other commercial insurance, said last week that they were facing “major” claims from the invasion.

Cyber ​​Insurance – whose market valuation agency Fitch says it amounted to over $ 2.7 billion by 2020 in the United States alone – covers a business for repairing hacked networks, losses from business interruptions and even payments of redemption via cyber.

Such policies do not cover wars or attacks by so-called “state-sponsored actors”.

However, it is often difficult to identify the perpetrator of a cyberattack.

“Defining what is state-sponsored is quite challenging,” Lloyd’s of London chairman Bruce Carnegie-Brown told Reuters last week. “These policies are being tested by new events, and we need to work through the wording … and make sure our customers understand where they are covered and where they are not.”

Although insurance companies can prove that a cyberattack was the result of the conflict in Ukraine, war exclusions may not be enough to protect them.

Cyber ​​insurance companies have become more aware of ambiguities in their insurance in recent years, but some are slower to adapt than others.

Police formulations vary from insurer to insurer and are open to interpretation, says Marcos Alvarez, head of insurance at rating agency DBRS Morningstar.

This is expected to lead to disagreement between insurers and policyholders on whether there is coverage, similar to cases of business interruption insurance that have gone to court worldwide since the outbreak of covid-19.

A special gray area is cyber-terrorist attacks, which are generally covered by insurance.

Terrorism is usually more narrowly defined than war, but Westlaw, a Thomson Reuters company, said in a note last week that “cyberterrorism” is sometimes defined “quite broadly to include all attacks on a computer system with the” intent to cause harm “to promote “social, ideological, religious, economic or political goals.”

Policyholders may end up being covered “quite expansively” by cyber or cyberterrorism policies, says Yosha DeLong, global cyber chief at insurance company Mosaic.

“Whenever there are ambiguous wordings on an insurance policy, it is to the customer’s advantage, not the insurer’s.”

There is also a risk of “silent cyber”, where companies have other policies that do not specifically rule out cyber attacks and may try to claim them.

A New Jersey court has ruled in favor of Merck & Co. in January. over an insurance claim of $ 1.4 billion for the cyber attack NotPetya 2017, which the White House blamed on Russia.

To reduce their overall risk, some cyber insurance companies are considering broad exceptions for Russia and Ukraine, says Meredith Schnur, leader of cyber brokers in the US and Canada at broker Marsh.

Military losses could lead to a different approach from Russia, including cyber attacks, said analysts at Eurasia.

Some Russian units suffering heavy losses have been forced to return home and to neighboring Belarus, the British military intelligence service said this week, after Russia promised to reduce military operations around Kyiv.

Cyberattacks have taken place against Ukrainian critical infrastructure, government services, banks and telecoms, the research company CyberCube said in a report earlier this month.

Russian state institutions and companies are also targets of cyber-attackers, CyberCube said, adding that some attacks have spread to Belarus, Poland, Lithuania and Latvia.

The invasion is also increasing the pressure on cyber insurance premiums, with prices rising sharply due to ransomware attacks.

The cyber security company Coveware compared the profit margin of 90% from ransomware attacks last year with the profits of Colombian cocaine cartels in 1992.

Cyber ​​insurance prices rose 130% in the US and 92% in the UK in the fourth quarter, according to Marsh.

Industry sources see similar interest rate hikes this year.


Source link