In 2017, Merck lost an eye-popping $1.3 billion when it got caught in the crossfire of a Russian cyberattack targeting Ukraine. The event, later dubbed NotPetya, was the largest cyberattack in history, costing $10 billion worldwide — economic damage akin to a medium-sized hurricane, or a small war. Western governments vowed to hold Russia accountable, yet none stepped forward to support the companies that were hit by the attack.
Does Your Cyber Insurance Cover a State-Sponsored Attack?
Many cyber insurance policies specifically exclude “hostile or warlike actions” from their coverage. While this is an understandable measure to protect insurers in times of widespread upheaval, it can leave businesses with little recourse when they’re hit by a state-sponsored cyberattack. In this piece, the author suggests several ways that businesses can build resilience to cyberattacks (and a potential lack of coverage due to insurance exclusions) in the short term. He then goes on to discuss how governments, insurers, and businesses must work to develop a new financial framework to address cyber risk long-term. While there’s no avoiding cyber risk entirely, thinking about these issues in advance — and developing a comprehensive strategy to prepare for them — can keep these cyber threats from becoming full-blown catastrophes.