Russian Cyberattack against Ukraine poses threat to insurers too

tech.hindustantimes.com:

Russian cyberattack against Ukraine and potentially other nations as part of its invasion is prodding cyber insurers to beef up language protecting them against losses, and has left policyholders uncertain about the extent of their coverage.

Insurers, still dealing with the fallout from an infamous hack in 2017, have ramped up efforts to refine policies and spell out exactly what does and doesn’t get covered in the event of a retaliatory attack by Russia for sanctions and other actions imposed by the U.S. and its allies. Cyber coverage is a relatively young industry, and lacks defined standards of accountability.  

The issue of coverage “is one that’s going to be answered on a case-by-case basis, based on the facts of any cyber incident and the specifics of an insurance policy,” said Darin McMullen, cyber product leader with insurance broker Aon Plc. 

Ukrainian officials have alleged that Russian operatives launched cyberattacksagainst government and corporate systems ahead of the invasion. The prospect of wider-ranging intrusions leaves insurers and policyholders uncertain about whether they will bear the costs if systems are breached.

Among the biggest providers of cyber coverage are Chubb Ltd., Axa SA and American International Group Inc., according to a 2021 report by the National Association of Insurance Commissioners.

At issue is the so-called war exclusion, a longstanding policy provision written by insurers. It states that losses inflicted by armed combat typically aren’t covered. While cyber warfare isn’t armed combat, the coordination of hacking and military action presumably could trigger the clause -- and force insurers to alter policy language.

“Carriers are just going to be making more updates to their policies