In 2017, Merck lost an eye-popping $1.3 billion when it got caught in the crossfire of a Russian cyberattack targeting Ukraine. The event, later dubbed NotPetya, was the largest cyberattack in history, costing $10 billion worldwide — economic damage akin to a medium-sized hurricane, or a small war. Western governments vowed to hold Russia accountable, yet none stepped forward to support the companies that were hit by the attack.
Does Your Cyber Insurance Cover a State-Sponsored Attack?
Decisions you make today will determine whether you’re facing financial chaos — or just a bad day at the office.
October 30, 2020
HBR Staff/Pexels/S M Nazmul Haque/Getty Images
Summary.
Many cyber insurance policies specifically exclude “hostile or warlike actions” from their coverage. While this is an understandable measure to protect insurers in times of widespread upheaval, it can leave businesses with little recourse when they’re hit by a state-sponsored cyberattack. In this piece, the author suggests several ways that businesses can build resilience to cyberattacks (and a potential lack of coverage due to insurance exclusions) in the short term. He then goes on to discuss how governments, insurers, and businesses must work to develop a new financial framework to address cyber risk long-term. While there’s no avoiding cyber risk entirely, thinking about these issues in advance — and developing a comprehensive strategy to prepare for them — can keep these cyber threats from becoming full-blown catastrophes.
New!
HBR Learning
Crisis Management Course
Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Crisis Management. Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.
Learn how to manage uncertainty, dispel rumors, and help your team recover.
Learn More & See All Courses
New!
HBR Learning
HBR Learning
Crisis Management Course
Accelerate your career with Harvard ManageMentor®. HBR Learning’s online leadership training helps you hone your skills with courses like Crisis Management. Earn badges to share on LinkedIn and your resume. Access more than 40 courses trusted by Fortune 500 companies.
Learn how to manage uncertainty, dispel rumors, and help your team recover.