Insurers check their war exclusions for cyberattacks

While cyberattacks have increased since Russia invaded Ukraine and many countries have responded with tougher sanctions, most of these attacks have been more basic distributed denial of service attacks from both sides of the conflict. said a DBRS Morningstar commentary on the potential impact of cyber warfare on North America. and European insurers.

“While acts of war (whether declared or undeclared) are generally excluded from cyber insurance policies,” said Marcos Alvarez, senior vice president and chief insurance officer at DBRS Morningstar, “the current conflict could potentially increase cyber insurance claims. insurance and reinsurance related to cybersecurity in Europe and North America, as attribution can be very difficult to determine in cyber incidents.”

He added that it is expected that “insurers and reinsurers will continue to clarify their cyberwarfare exclusions to address the new realities of state-sponsored cyberattacks.”

It is difficult to attribute cyberattacks to state actors or proxies, as those who engage in cyberwarfare generally do not make their actions public. The commentary indicates that even a specific state actor is strongly suspected, “judicial courts may not side with insurers, particularly if the wording of existing policies is subject to interpretation.”

In response, DBRS Morningstar noted that beginning in 2019, insurers and reinsurers revised and tightened war exclusion language in cyber insurance policies and all-risk insurance policies that could include coverage. “cyber silent”: situations in which a policy does not explicitly include or exclude cyber risk.

Attribution will remain difficult, the commentary says, “because the onus is on the insurer to demonstrate that a cyber incident was indeed committed by a state actor or its proxy in the absence of official confirmation from the intelligence agencies of the targeted country.” .

And, for most litigation, obtaining the information needed to prove state involvement may simply take too long – and in some cases may never be disclosed for security reasons.

Over the past two years, rising claims mean that cyber insurers’ loss ratios have increased as the profitability of cyber insurance products has deteriorated. The frequency and severity of claims have increased, according to the report, citing data from the National Association of Insurance Commissioners which revealed that the combined ratio of standalone and comprehensive policies covering cyber risks in the United States jumped to 66, 9% in 2020, compared to 44.6% in 2019.

This has resulted in large rate increases and reductions in the limits available per policyholder. DBRS Morningstar said it expects cyberinsurance rate tightening to continue in 2022 given the potential fallout from the Russia-Ukraine conflict. Insurance and reinsurance companies are also increasing cyber rates to cover the costs of services, such as negotiating with hackers and recovering data from ransomware attacks.

DBRS Morningstar further predicted that litigation costs in the insurance industry would rise as more policyholders sue for denied claims.

“The global cyber insurance market has experienced phenomenal growth since 2015 in response to more frequent and more sophisticated cyber attacks,” the commentary states, “a trend that is expected to continue in the medium term with gross written premiums estimated at over 20 billions of US dollars. by 2025.”

And reinsurance and insurance companies are closely monitoring the risk of a single cyber event affecting multiple policyholders simultaneously.

“Cyber ​​risk has the potential to generate a chain of highly correlated losses due to the increasing connectivity of global communications and the widespread use of certain operating systems,” the commentary notes. “A systemic event of such magnitude, particularly in the context of state and non-state actors employing cyber warfare against adversaries, has the potential to cost multiples of the estimated size of the current cyber market.”

Featured image by iStock.com/the-lightwriter

Comments are closed.