For many Australian businesses, insurance is a "set and forget". Company executives assume that, after taking coverage for a specific issue, they will be covered.
In the world of cyber security some recent examples show that is not always the case.
The outbreak of war in the
NotPetya hit the pharmaceutical giant
The insurer, International Indemnity, rejected the claim and sought to invoke an act of war exemption. Only after a very lengthy and expensive series of legal proceedings was Merck successful. However, many other organisations may not have the significant resources required to pursue this path if their claim is denied.
The disturbing consequences of the NotPetya attack continue to rumble through the cyber insurance market.
With the
But are they really covered? It is estimated that the global annual cyber insurance premium market is
Given the increase in number and severity of cyber attacks leading to higher claims, what was once a profitable line of business for insurers has quickly turned into a category with unsustainable financial returns.
So serious is the financial outlook for insurers that
Lower credit ratings result in higher premiums across all insurance categories.
As with all insurance contracts, the devil is in the detail.
What is often not understood are the raft of exclusions and carve outs that can be relied on by insurance companies to avoid paying claims related to cyber breaches.
Confusion is rife for businesses trying to navigate often tricky offerings, with some policies covering the costs associated with data and privacy breaches, while others claim to cover the entire spectrum of costs incurred as a result of a cyber incident.
Many insurers have amended wording to make it clear that property and general policies do not automatically include coverage for cyber-related incidents. Others are introducing new exclusionary clauses that go beyond traditional acts of war and include cyber operations attributable to a state or those acting on its behalf.
Meanwhile, cyber insurance limits are being lowered every year by insurers, sometimes even halved, while premiums increased by up to 40 per cent in 2021.
Even when organisations completely understand the wording of their policy, there are many hurdles to jump before a successful claim can be made.
The nature of cybercrime invites deception and misdirection and attribution of the attack to a specific hacker is not always possible. In other cases, the identity of a state-sponsored agent may be known but kept confidential for political or diplomatic reasons.
The breakout of war in
While the conflict in
Prior to Russian troops invading, cyber attacks were launched on Ukrainian financial, aviation and IT providers.
In response, the Ukrainian Government announced that it had mobilised an IT army to fight off Russian hackers.
Coupled with the uncertainty associated with cyber insurance in times of war, it is clear that organisations need to take cyber risk management more seriously.
The worry is that viable, affordable cyber insurance may become "collateral damage'' - another casualty of the war.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Mr
Level 31,
3000
Tel: 38623 3333
Fax: 38623 3399
E-mail: bdwyer@kordamentha.com
URL: www.kordamentha.com
© Mondaq Ltd, 2022 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source