Broker Warns: Insurers Revisiting Coverage For Cyberterrorism
June 6, 2022
Many companies hit by the NotPetya cyber attack in 2017 and the Solar Winds attack in 2020 – both of which were widely attributed to Russian intelligence – were covered by cyber insurance policies, despite the fact those policies had a war exclusion. That’s because those policies had a “carve-back,” a provision that overrules the exclusion when the attack is considered cyberterrorism, says this post from insurance brokerage and consulting firm Woodruff Sawyer. If you think this carve-back may be based on a distinction without a difference, you have company in the industry, according to the post.
“With the ongoing Ukraine-Russia conflict, the prospect of a carrier invoking the war exclusion to deny future nation-state cyberattack claims is heightened,” the writers say. “Notably, the Lloyd’s Market Association (LMA) has recently indicated a preference for Lloyd’s syndicates to exclude nation-state sponsored cyber-attacks under the war exclusion with the introduction of an `attribution of a cyber operation to a state’ provision.”
Another area where coverage could get problematic is ransomware attacks, in particular if the source of an attack has been placed on the U.S. Treasury Departments’ Office of Financial Assets Control Sanctions list. Insurance carriers won’t cover ransomware payments to entities on that list, and in fact they, like the victim itself, could receive a stiff penalty if they do so.
Get our free daily newsletter
Subscribe for the latest news and business legal developments.
Read this next
President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and […]
The Cybersecurity and Infrastructure Security Agency and the FBI have issued a […]