Broker Warns: Insurers Revisiting Coverage For Cyberterrorism
June 6, 2022

Many companies hit by the NotPetya cyber attack in 2017 and the Solar Winds attack in 2020 – both of which were widely attributed to Russian intelligence – were covered by cyber insurance policies, despite the fact those policies had a war exclusion. That’s because those policies had a “carve-back,” a provision that overrules the exclusion when the attack is considered cyberterrorism, says this post from insurance brokerage and consulting firm Woodruff Sawyer. If you think this carve-back may be based on a distinction without a difference, you have company in the industry, according to the post.
“With the ongoing Ukraine-Russia conflict, the prospect of a carrier invoking the war exclusion to deny future nation-state cyberattack claims is heightened,” the writers say. “Notably, the Lloyd’s Market Association (LMA) has recently indicated a preference for Lloyd’s syndicates to exclude nation-state sponsored cyber-attacks under the war exclusion with the introduction of an `attribution of a cyber operation to a state’ provision.”
Another area where coverage could get problematic is ransomware attacks, in particular if the source of an attack has been placed on the U.S. Treasury Departments’ Office of Financial Assets Control Sanctions list. Insurance carriers won’t cover ransomware payments to entities on that list, and in fact they, like the victim itself, could receive a stiff penalty if they do so.
Get our free daily newsletter
Subscribe for the latest news and business legal developments.
Read this next
The AI Executive Order’s Impact on the Healthcare Industry
President Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and […]
Cybersecurity Agency Warns About Hacking Collective
The Cybersecurity and Infrastructure Security Agency and the FBI have issued a […]
Data Privacy and Reputation Concerns About Adopting AI
Reputational damage was the greatest source of concern about AI, followed by […]