European and North American insurers should expect a spike in cyber insurance claims following Russia's invasion of Ukraine, although these are likely to be manageable for most companies.
That is according to a commentary from DBRS Morningstar, which said that the Russia-Ukraine conflict has already increased the number of cyber incidents, although most remain unsophisticated distributed denial-of-service attacks.
The credit ratings agency highlighted how acts of war are typically excluded from cyber insurance policies, but that attribution remains a key challenge as most cyber warfare is not acknowledged by belligerent state actors.
War exclusions in insurance policies have been updated in the past three years, but insurers and reinsurers are still trying to find a balance between the right coverage and managing accumulation risk.
However, given updated exclusion clauses, reductions in limits, and product diversification, the commentary suggests that claims should remain manageable for most insurance and reinsurance companies.
“Although acts of war (declared or not) are typically excluded from cyber insurance policies, in DBRS Morningstar’s view, the current conflict could potentially increase cyber-related insurance and reinsurance claims in Europe and North America, as attribution can be very difficult to determine in cyber incidents,” said Marcos Alvarez, senior vice president and head of insurance.
“Nevertheless, we expect that insurers and reinsurers will continue to clarify their cyber war exclusions to face the new realities of state-sponsored cyberattacks.”
Meanwhile, a new report from cyber risk analytics expert CyberCube has urged insurers and reinsurers holding large books of East European business to stress test their portfolios against the threat of Russian and Ukrainian cyber attacks.
The range of relevant scenarios include cyber attacks on off-shore oil rigs, utility suppliers, mobile phone network operators, hospitals, airlines, the SWIFT banking system, plus the widespread use of wiper malware.
CyberCube recommends that insurance brokers and risk carriers encourage their clients to focus on threat modelling Russian advanced persistent threats (APTs), known criminal gangs’ tactics, techniques and procedures (TTPs), and cyber security best practices.
William Altman, CyberCube’s principal cyber security consultant, said: “This conflict will undoubtedly push the boundaries of acceptable behaviour in cyberspace. What’s worrying is that the cyber elements of this conflict could escalate quickly.
“We have the potential for unprecedented cyber-physical impacts, including attacks on critical infrastructure. However, before a full-blown cyber disaster becomes likely, we believe there will be several levels of escalation needed to reach that stage.”
Image credit: iStock
Author: Chris Seekings