Companies relying on their business interruption or property insurance policies to cover ransomware attacks and other cyber damages are running the risk of not having coverage during a major attack if insurers are successful in shielding themselves using the ubiquitous "act of war" clause, according to cybersecurity and insurance experts.
Last week, insurers' arguments gained more weight when the US indicted six members of the Russian military for a variety of cyber operations, including the NotPetya wiper attack that disrupted business operations worldwide. Damages from those attacks are at the heart of major lawsuits against insurance companies, including a $1.3 billion legal action brought by pharmaceutical giant Merck against a collection of insurers and a $100 million lawsuit brought by food and beverage conglomerate Mondelez against Zurich Insurance.
In both cases, insurers claim the NotPetya attack represented a hostile act by a sovereign power, preventing any payout.
"The indictment underscores the general principle here that from a practical perspective, insurance is not a get-out-of-jail-free card," says Jason Crabtree, CEO of risk management firm QOMPLX. "It should be considered a supplement to your own financial risk calculations."
The lawsuits also underscore a fundamental problem in insuring companies against unforeseen business interruptions and loss of profits due to modern cyberattacks. Nation-states are often behind such operations. North Korea has bankrolled many financial crimes, Iran favors data-wiping malware, Russia commonly uses former Soviet territories as testbeds for cyberattacks, and the United States took part in the Stuxnet attack, which spread to other computers.
Moreover, large-scale r ..
Support the originator by clicking the read the rest link below.
