The Russia-Ukraine war has made it challenging for many organizations to secure acts-of-war cyber insurance coverage. In fact, war exclusions dismiss any “hostile or warlike action” damages to protect insurers against systemic losses from government, military or associated group attacks.

This article provides insights on how your business can successfully navigate digital warfare’s influence on cyber liability insurance amid the rise of nation-state cyberattacks. Understanding its impact on cyber policies will help you respond to cyberwarfare exposures and minimize losses.  

Legal Advancements

One of the most destructive malwares ever deployed, the billion-dollar NotPetya global cyberattack involved an outbreak targeting thousands of systems and hundreds of companies. Ukraine suffered significantly as cybersecurity experts suspect the attack was politically motivated by the Russian government. 

While malicious, the incident was instrumental in legally narrowing digital warfare and war exclusions. Suffering an influential loss, U.S. pharmaceutical company Merck & Co. placed an insurance claim for 40,000 damaged computers and $1.4 billion in overall losses. Regardless of a $1.75 billion all-risk property insurance policy that covered damages from computer data and software destruction or corruption, their claim was denied. Merck & Co.’s insurer cited the policy’s war exclusion as justification, categorizing the incident as a Russian government act of hostility.

Responding with a lawsuit, the court ruled in Merck & Co.’s favor as the policy’s war exclusion neglected to specifically address digital warfare. Merck & Co. reasonably believed the exclusion only applied to losses from traditional, physical acts of hostility. The court emphasized that the insurer should have altered the policy to clearly exclude digital hostilities as a war exclusion.

Insurance Industry Developments

This court case influenced insurance companies to implement several cyberwarfare claim adjustments. War exclusions have become more than traditional war between nations. In fact, the exclusion has numerous variations and coverage options dependent on your insurance carrier and industry. Insurers are looking for ways to tighten war exclusion language in contracts as the Russia-Ukraine war has elevated concerns of increased cyberattack claims. 

Even prior to the War, cyber insurance insurers were under pressure to increase premiums and tighten underwriting. Future applications will require documentation detailing cybersecurity prevention and practices. Carriers are also altering policy language to clearly identify war exclusion coverage.

Cybersecurity Best Practices

It’s imperative you take steps to mitigate digital warfare losses. Preventive strategies can also make your company more attractive to underwriters and reduce apprehensions in providing you adequate cyberwarfare coverage. 

Utilize the following best practices to avoid and respond to nation-state cyberattacks:

Understand Exposures

Digital exposures from nation-state cyberattacks can vary by industry. Evaluate your specific operations and determine the likelihood of a foreign cyberattack. Together, your senior leadership team and trusted IT professionals should be actively involved in conducting these assessments to provide insight for security measures and digital procedures. 

Response Plan 

A cyber incident response plan will provide response protocols so your business can maintain operations and mitigate any cyber incident losses. Successful strategies outline potential cyberattack scenarios, establish methods to maintain operations and designate individual responsibilities. It should also determine when to contact external parties (e.g., law enforcement, legal counsel, IT specialist, insurance broker). Communicate and routinely practice your plan (e.g., penetration testing, tabletop exercises) to ensure its effectiveness, identify security gaps and adjust your response plan. 

Security Software 

Various security software can help your business better detect and deter nation-state cyberattacks. Implement this protection into all workplace technology and update regularly. Software to consider includes:

• Network monitoring systems 
• Data backup & encryption services 
• Antivirus programs 
• Firewalls 
• Multi-factor authentication (MFA) capabilities 
• Endpoint detection products 
• Patch management tools

Follow Government Guidance 

Verify your cybersecurity practices and procedures align with guidance from applicable government agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA). A recent executive order from the White House recommends companies to execute with urgency the following steps:

• Mandate MFA on all systems 
• Deploy modern security tools on all computers and devices
• Verify your systems are patched and protected against known vulnerabilities
• Change network passwords
• Backup data offline
• Run exercises and drill your emergency plans
• Encrypt data
• Proactively engage with local Federal Bureau of Investigation (FBI) or CISA offices to reach relationships
• Encourage IT and security leadership to visit CISA and FBI websites for technical information and useful resources

We’re Here to Help With Cyber Risks

Unfortunately, the Russia-Ukraine war has increased digital warfare and expanded nation-station cyber threats. Your business can successfully navigate this risky landscape by understanding how your insurance policy will respond to cyberwarfare losses. Implementing many cybersecurity preventive strategies can also minimize these losses. For additional guidance on war exclusions or preventive cyber strategies, connect with a member of our team.