Cyber Insurance policies typically include an exclusion for acts of war, called the war exclusion. For underwriters, the war exclusion has become top of mind because of the threat of cyber-attacks by Russia. What is it and how might it impact you? And what can you do?
Many types of policies include some form of the war exclusion, which has been around for decades (see here). But for most of us the war exclusion is a non-event – it is only an issue if there are assets at risk of war (think marine).
Cyber Insurance is different because there are no geographic boundaries to the exposure – attacks can come from anywhere, and many do. Many criminals are situated in Russia and China, but other countries have their share as well (including the US & UK). And experts believe that some state actors are either directly or indirectly involved in criminal activity including Russia, China and North Korea. Unfortunately, it is often difficult to determine who the attackers are with any degree of certainty.
The war exclusion is intended to exclude claims originating from acts of wars by countries (state actors). Underwriters are concerned about attacks from the same source impacting many different insureds at the same time – called aggregation or systemic risk.
There is no standard war exclusion wording in Cyber Insurance, although Lloyds is attempting to bring some level of standardization and clarity (see below). The wording varies by insurer and by coverage – examples include:
War, civil war, revolution, rebellion, insurrection, or civil strife arising therefrom or any hostile act by or against a belligerent power, capture, seizure, arrest, restraint or detainment (piracy excepted), and the consequences thereof…
War, invasion, acts of foreign enemies, terrorism, hostilities, civil war, rebellion, revolutions, insurrection, military, or usurped power; however, this exclusion will not apply to cyber terrorism.
Over the last few years, some Cyber Insurance underwriters have tried to balance the significant state actor exposure in cyber with the realities of not knowing who a perpetrator might be by modifying the war exclusion. These modifications were typically made in the insured’s favor with the realities of cyber-attacks in mind. That is no more.
Russia’s invasion of Ukraine and the potential for Russian cyber attacks has dramatically changed underwriter’s perspective on war risk. Cyber underwriters are taking a closer look at the war exclusion, and in some cases tightening the wording (see here). For example, Lloyds has developed market exclusions with tighter language (see here) that attempts to provide great clarity to what is covered and what is not, and Munich Re it also tightening language (here). But not everyone agrees that the result is clarity (see here).
State actor cyber attacks are not theory. Ukraine was attacked with the NotPetya malware in 2017 (see here), but the malware spread rapidly beyond Ukraine and did significant damage (> $10.0 billion worldwide). That attack sparked lawsuits between insureds and insurers, including a lawsuit by Mondelez against Zurich over Zurich’s application of the war exclusion (see here, here). Also, Sony Pictures was attacked in 2014 by North Korea according to US intelligence (see here).
What Can You Do?
- Continue to utilize cyber security best practices, including MFA, timely patching, and strong backup procedures. Take advantage of valuable risk management information provided by some leading cyber insurers, including third party scans, to help reduce risk.
- Review your breach response/business continuity plans – are they ready to go?
- Consider and compare the war exclusion clauses in your Cyber Insurance proposals.
- Expect Cyber Insurance costs to increase – buy coverage first, not price, to ensure comprehensive protection.
- If you have a claim, report the claim immediately and report what you know to be true. Do not speculate about the origin. The application of the war exclusion is dependent on both the specific wording and the facts of an attack, and in many cases will not be applicable.
eSpecialty Insurance is your specialty insurance expert. We have developed a streamlined marketplace to provide multiple proposals from a range of competitive insurers, along with expertise to help you evaluate your exposures and choose the best combination of comprehensive coverage and price. Try our online Cyber Insurance Quoting Portal for immediate Cyber Insurance pricing. We look forward to working with you.