With the increase of state sponsored cyber attacks being made against Ukraine and other global allies, protecting your organization against such attacks has become imperative. Additionally, The Biden administration is continuing to warn Americans of potential "malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed". Needless to say we may see a significant increase in cyber warfare in the next year. For organizations it is important to know what their cyber insurance policy says about "war exclusions".
Most cyber insurance policies include language regarding "war exclusions" or "hostile act exclusions". This usually means that insurers aren't liable or expected to defend against acts of war. While the first war exclusion clauses sought to exclude specific malware strains, newer clauses or much more general. For instance the first clauses in 2017 were specifically designed in order to exclude coverage for the NotPetya malware infection. Insurers claimed that because NotPetya was used by governments to attack other governments it didn't fall under the insurers liability. In recent years war exclusion clauses are implemented on a much broader scale to cover all cyber attacks made in an act of war.
Most insurance companies are tightening their contracts to include any loss or damage as a consequence of war or a cyber operation. This protects insurers from having to pay out in the case that your organization is hit with a state sponsored attack made as an act of war against another states government. Because cyber warfare has become such a viable option within the last decade it is no wonder that insurers are beginning to tighten down their contracts and craft stricter language in order to mitigate losses due to these types of attacks. How does this impact your organization?
Due to the global nature of markets, supply chains, and business in general it is becoming increasingly harder for organizations to remain unaffected by foreign tensions and events. Despite lack of U.S. military involvement, it is entirely possible that organizations may become targets of Russian cyber operations and attacks. This means that it's time to take a look at your cyber insurance policy and understand what you're covered for. Hiring independent counsel to look over and breakdown your cyber insurance policy with you and be extremely helpful in receiving an unbiased view of your level of protection. It's never safe to assume you're covered against everything, waiting on a coverage letter and reviewing your plan will help you build your plan in the event you fall victim to a data breach. Additionally, professionals recommend never assuming when talking to insurers about the cause of a particular breach.
If you believe your organization to be a victim of an act of cyber war, then it's best to make sure you are 100% sure of the attacker. Oftentimes the possibility of cyber warfare is enough to spook insurers into denying protection.
However, protecting your organization from attack should be your primary concern. CorpInfoTech can evaluate the security posture of your business and make sure that you are getting the most out of your cyber insurance!
More Cyber Insurance Information: CorpInfoTech’s Cyber Insurance Whitepaper
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.