Cyber insurance sales more than doubled last year to nearly $15 billion as companies sought to protect themselves from the costs of ransomware and computer viruses that could cripple their operations.
Like most insurance policies, these have exclusions for acts of war. Its purpose is to protect insurers from claims related to cyberattacks by governments, their military, or groups working for them.
But a judge in New Jersey poked a hole in that exclusion in a ruling last year, essentially saying that a general work-of-war exclusion does not cover cyberattacks. Now, insurers are exploring ways to toughen that language in future contracts, amid concerns that they could be vulnerable to cyberattack claims under existing policies stemming from Russia’s invasion.
Fitch Ratings cautioned in a March 1 note that the invasion of Ukraine “increased the risk of cyberattacks and potential claim costs” for insurers who are already testing the effectiveness of “war exclusion” and “hostile act exclusion” language. can do”. investigation since the verdict
There has been no major cyber attack in the war so far. But while the Kremlin has the means to launch them, vigilante hackers on both sides of the conflict have created confusion on the digital front.
In the New Jersey case, drugmaker Merck & Co alleged that it lost $1.4 billion in 2017 cyberattacks. About three dozen of its property insurers rejected Merck’s claim, citing war exclusions. The incident stemmed from a cyberattack known as Notepetya, which targeted a Ukrainian accounting firm and indiscriminately leapfrogged the computer networks of other organizations around the world. The White House blamed Russian military hackers for the incident, calling it the most costly and devastating cyberattack ever.
In the ruling against the insurance companies, the judge said their exclusions addressed acts of war and hostility, but not cyberattacks – although such attacks had been on the rise for years.
“Merck had every right to infer that the exclusion applied only to conventional forms of warfare,” the judge wrote.
Some insurers have settled with Merck and others have appealed against the decision.
Insurers are going down two paths to protect themselves from wartime cyberattacks. In its appeal, trade group American Property Casualty Insurance Association said the ruling undermines the insurance market’s ability to mitigate cyber risk by “burdening insurers with far-reaching liability from hostile nation-state cyberattacks.”
With greater exposure to risk, insurers are becoming more selective about customers looking for stronger network protection or renewing than ever before. “It is a very difficult process for an insured to buy cyber insurance today,” said Henry Clarke, head of professional and executive risk at Australian broker Honan Insurance Group.
Another way is an attempt by some in the insurance industry to redefine long-standing war exclusions. But they need to be careful because if they’re too broad, businesses won’t buy coverage.
Lloyd’s Market Association, a trade group, proposed the new terms in November, but very few Lloyd’s syndicate have adopted it to date, said Thomas Reagan, cyber practice leader at the Marsh brokerage unit of Marsh McLennan Cos. Brokers and policyholders are concerned about “highly broad and unacceptably vague exclusions,” he said.
Representatives for the association and Lloyd’s did not respond to emails seeking comment on the wording.
Cyber insurance can be a stand-alone policy or part of a comprehensive coverage package, which addresses things like fixing breaches, restoring data, notifying customers and monitoring their credit. Terms can vary widely. Chubb Ltd., American International Group Inc., and Travelers’ Cos are the largest sellers by market share. He declined to comment.
The cyber product has not been as profitable as it used to be due to the rise in ransomware attacks, prompting recent rate increases to offset the higher costs. According to Marsh, premiums rose an average of 130% in the US and 92% in the UK in the fourth quarter.
With more policy restrictions, companies could “pay many times more for coverage they received two or three years ago, if they can get that coverage at all,” said Mark Dwley, an analyst at RBC Capital Markets.
Don’t miss a story! Stay connected and informed with Mint.
download
Our App Now!!