Due to the escalating situation in Ukraine, many countries and global businesses are seeing an increased risk to cyber security as collateral damage from state-sponsored cyber-attacks on infrastructure and other strategic targets.
Cyber-attacks are now common in modern warfare. At the time of writing, a ‘data wiper’ cyber-attack by the Russian military was already reportedly underway.
As witnessed with prior cyber-attack campaigns that were likely originally intended for a specific target or a country, it is possible that Internet-wide disruptions can occur, including in regions and countries where our company, clients and affiliates operate or have business.
This can be caused directly by the nation-state perpetrating the attack or by cybercriminals who often obtain and weaponize state-sponsored tools on a broader scale, explains Paul Handy, Global Head of Cyber for Crawford & Company.
“Threat actors frequently seek to take advantage of vulnerabilities created by disruptive world events, which is why we saw a spike in cyber-attacks during the pandemic,”
he says.
In this heightened risk environment, we encourage insurers and their insureds to take all precautions to reduce their cyber vulnerabilities. This should include ensuring that:
- All cybersecurity protocols are implemented and are enforced
- Security operation centres are appropriately staffed
- Systems and devices are all patched, including third-party software and firmware
- Firewalls are tested and enforced
- Antivirus software is updated
- Passwords are unique and updated
- Backups are running correctly and the ability to restore from backups tested
- Employees are briefed on the heightened risk and encouraged to report anomalies
Coverage considerations
The insurance market is assessing the increased risks and exposures stemming from the escalation of activity in Ukraine and looking closely at the wording and application of War exclusions as it may not be obvious how to attribute an attack that was, for example, perpetrated by a threat actor using a tool developed for an act of war.
In the Lloyd’s Market, all insurance and reinsurance policies must contain a War exclusion, except in very limited circumstances. However, the LMA Cyber Business Panel drafted four Cyber War and Cyber Operations clauses in 2021 (LMA5564-7), which means the extent of coverage and exclusion may vary from policy to policy.
“The complexity of the situation and the application of different clauses in the market means a close examination of policy wordings will be required in the event of any claim,”
says Handy.
Crawford’s dedicated are on standby to assist and respond as needed.