By Carolyn Cohn and Noor Zainab Hussain
LONDON, March 31 (Reuters) – Insurers face potential multibillion-dollar claims for cyberattacks linked to Russia’s invasion of Ukraine, despite policy wording designed to get them off the hook for war, industry sources say.
Following the February 24 attack on Ukraine and Western sanctions on Moscow, the US government said last week that it had seen “preparatory” Russian hacking activity targeting many US companies, although it said it had “no certainty” that such an attack would happen.
Western financial regulators have previously warned banks about the risks of cyberattacks, but none have been confirmed so far.
European and American insurers, already facing mounting losses over the past year, have increased their premiums due to the rising cost of coverage and the prevalence of so-called ransomware attacks.
If Russia carries out a major cyberattack that spreads across multiple countries, it could result in claims totaling $20 billion or more, similar to insurance claims from a major US hurricane, the industry sources said on condition of anonymity.
It comes as insurers are also suffering conflict-related losses in other business sectors such as aviation, which is considered particularly exposed to the impact of what Russia calls a “special military operation” to disarm Ukraine.
Lloyd’s of London, one of the world’s biggest players in cyber and commercial insurance policies, said last week it was facing “major” claims from the invasion.
Cyber insurance – a market which ratings agency Fitch says totaled more than $2.7 billion in 2020 in the United States alone – covers a business for repairing hacked networks, business interruption losses and also cyber ransom payments.
These policies do not cover war or attacks by so-called “state-sponsored actors”.
However, it is often difficult to identify the perpetrator of a cyberattack.
“Defining what is state-sponsored is quite difficult,” Lloyd’s of London chairman Bruce Carnegie-Brown told Reuters last week. “These policies are being tested by new events and we need to work on the wording…and make sure our customers understand where they’re covered and where they’re not.”
Even if insurers can prove that a cyberattack was the result of the conflict in Ukraine, wartime exclusions may not be enough to protect them.
Cyberinsurers have become more aware of the ambiguities in their insurance in recent years, but some are slower to adapt than others.
Policy wordings vary from insurer to insurer and are subject to interpretation, said Marcos Alvarez, head of insurance at ratings agency DBRS Morningstar.
This is expected to lead to disputes between insurers and policyholders over whether or not there is cover, much like the business interruption insurance cases that have been brought to court across the world since the COVID-19 outbreak.
A particular gray area concerns cyber terrorist attacks, which are usually covered by insurance.
Terror is generally defined more narrowly than war, but Westlaw, a Thomson Reuters company, said in a note last week that “cyberterrorism” is sometimes defined broadly enough to include any attack on a computer system with the “intent to cause harm” in pursuit of “social, ideological, religious, economic or political objectives”.
Policyholders could end up being covered “quite extensively” by cyber or cyberterrorism policies, said Yosha DeLong, global head of cyber at insurer Mosaic.
“Anytime there is ambiguous wording on a policy, it is for the benefit of the customer, not the insurer.”
There is also a risk of “silent cyber”, in which companies have other policies that do not specifically exclude cyberattacks, and may seek to claim on them.
A New Jersey court ruled in January in favor of Merck & Co. MRK.N over a $1.4 billion insurance claim for the 2017 NotPetya cyberattack, which the White House blamed on Russia.
To reduce their overall risk, some cyberinsurers are considering broad exclusions for Russia and Ukraine, said Meredith Schnur, head of U.S. and Canada online brokerage at brokerage Marsh.
CHANGE OF TACTICS
Military casualties could lead to a different approach from Russia, including cyberattacks, Eurasia analysts said.
Some Russian units suffering heavy losses have been forced to return home and to neighboring Belarus, British military intelligence said this week, after Russia promised to scale back military operations around Kyiv.
Cyberattacks have taken place against Ukrainian critical infrastructure, government services, banks and telecommunications, analytics firm CyberCube said in a report earlier this month.
Russian government institutions and companies are also targeted by cyber attackers, CyberCube said, adding that some attacks have spread to Belarus, Poland, Lithuania and Latvia.
The invasion is also adding pressure on cyber insurance premiums, with rates rising sharply due to ransomware attacks where hackers encrypt victims’ data and demand a ransom to release it.
Cybersecurity firm Coveware compared the more than 90% profit margin of ransomware attacks last year to gains made by Colombian cocaine cartels in 1992.
Cyber insurance rates rose 130% in the United States and 92% in Britain in the fourth quarter, according to Marsh.
Industry sources see similar rate hikes this year.
Rate hikes already vary wildly, said one consultant, citing the example of a UK small business that saw its annual cyber insurance premium rise from 80,000 pounds to 450,000 pounds ($590,940.00).
“Everyone’s prices have gone up, now they’re going to go up again,” the consultant said. “Ukraine and Russia are only putting more emphasis on bonuses and availability.”
($1 = 0.7615 pounds)
(Editing by Emelia Sithole-Matarise)