Will an Act of War Destroy Your Cyberinsurance Coverage? | Womble Bond Dickinson | #cybersecurity | #cyberattack


But news of significant hacks drives more companies into the cyberinsurance market despite the costs. According to Bloomberg, cyberinsurance prices rose nearly 100% in 2021 and keep climbing. Travelers Insurance, working to justify the leaping costs of its products, lists the following reasons for higher cybersecurity prices: a wave of ransomware, rising breach response costs (from forensic and legal experts to ransom payments and regulatory fines), increasing tech complexity and budgets, inadequate cybersecurity hygiene (which is why better controls can now lead to lower insurance prices), lack of advance response plans, and business interruption expenses. Shutting down business operations may be a way for criminals to force ransom payments, but it also creates an expensive risk reduction system, and all companies are suffering from it.

However, for the price of protection, you would expect your insurance company to pay to remediate a properly-reported cyberattack. Property insurers have long excluded “acts of war” from insurable damage that would receive payments. Most cyberinsurance policies have similar exclusions. This leads insurance customers to wonder, in a world where hackers and ransomware gangs from Russia and Ukraine initiate a significant percentage of cyberattacks, when would those attacks be considered “acts of war” during a real shooting war? If your company is smacked with ransomware from a Russian crew associated with the Kremlin, will your insurance company exclude the costs from your cyberinsurance policy as an act of war?

Lloyds of London just released a set of new exclusion clauses for addressing cyber war. These clauses are for underwriters to consider placing in Lloyds insurance contracts, and “have been drafted to provide Lloyd’s syndicates and their (re)insureds (and brokers) with options in respect of the level of cover provided for cyber operations between states which are not excluded by the definition of war, cyber war or cyber operations which have a major detrimental impact on a state.” Lloyds specifies that the “act of war” exemption language applies to China, France, Japan, Russia, the U.K and the U.S. The new clauses supply underwriters with extensive leeway to refuse to pay claims.Importantly, Lloyds can decide that the attack was an act of war even if the attackers do not declare themselves. Pending any government attribution of an attacker, Lloyds can decide through reasonable inference to attribute any attack to state activities, and therefor falling within the “act of war” exclusion.

Property insurers have long excluded “acts of war” from insurable damage that would receive payments. Most cyberinsurance policies have similar exclusions. This leads insurance customers to wonder, in a world where hackers and ransomware gangs from Russia and Ukraine initiate a significant percentage of cyberattacks, when would those attacks be considered “acts of war” during a real shooting war? If your company is smacked with ransomware from a Russian crew associated with the Kremlin, will your insurance company exclude the costs from your cyberinsurance policy as an act of war?

TED CLAYPOOLE



Original Source link

Leave a Reply

Your email address will not be published.

four + two =