Broker Warns: Insurers Revisiting Coverage For Cyberterrorism

Many companies hit by the NotPetya cyber attack in 2017 and the Solar Winds attack in 2020 – both of which were widely attributed to Russian intelligence – were covered by cyber insurance policies, despite the fact those policies had a war exclusion. That’s because those policies had a “carve-back,” a provision that overrules the exclusion when the attack is considered cyberterrorism, says this post from insurance brokerage and consulting firm Woodruff Sawyer. If you think this carve-back may be based on a distinction without a difference, you have company in the industry, according to the post.

“With the ongoing Ukraine-Russia conflict, the prospect of a carrier invoking the war exclusion to deny future nation-state cyberattack claims is heightened,” the writers say. “Notably, the Lloyd’s Market Association (LMA) has recently indicated a preference for Lloyd’s syndicates to exclude nation-state sponsored cyber-attacks under the war exclusion with the introduction of an `attribution of a cyber operation to a state’ provision.”

Another area where coverage could get problematic is ransomware attacks, in particular if the source of an attack has been placed on the U.S. Treasury Departments’ Office of Financial Assets Control Sanctions list. Insurance carriers won’t cover ransomware payments to entities on that list, and in fact they, like the victim itself, could receive a stiff penalty if they do so.