Carolyn Cohn and Noor Zinab Hussain

LONDON (Reuters), Despite the policy formulation intended to make them exempt from war-related claims, cyberattacks resulting from Russia’s invasion in Ukraine could lead to multi-billion-dollar damages for insurers, according to industry sources.

After the attack on Ukraine, Feb. 24, and Western sanctions against Moscow by the West, the U.S. government claimed last week that they had witnessed “preparatory Russian hacking activity directed at many U.S. firms,” but it stated it didn’t know if such an attack would take place.

While banks were warned about cyber attack risks by Western financial regulators, no confirmed cases have been made.

European and U.S. insurance companies have seen their premiums rise due to increased costs and the prevalence of ransomware attacks.

According to industry sources, claims could reach $20 billion if Russia launches a massive cyberattack that reaches several other countries. This is similar to the insurance claims resulting from large hurricanes in the United States.

Insurers also have to consider losses from conflicts in other business areas, such as aviation. Aviation is particularly vulnerable to Russia’s “special military operations” to disarm Ukraine.

Lloyd’s of London was one of the biggest cyber-insurance companies in the world, and said it had suffered “major claims” from the invasion.

Cyber insurance is a type of cyber insurance that covers the cost to repair hacked networks and pay ransom for business interruptions. Fitch, a US market ratings agency, estimates it has reached over $2.7 Billion.

They do not protect war or attack by the so-called state-sponsored actors.

However, it is not always easy to find the cyber attacker.

Bruce Carnegie-Brown, chairman of Lloyd’s of London, said that defining what state sponsored is difficult. We need to review these policies and ensure that customers are clear about what they cover and are not.

AMBIGUITIES

Even if insurance companies can show that cyber attacks were caused by the conflict in Ukraine it may not suffice to protect them.

Although cyber insurers are more conscious of the ambiguities inherent in insurance, some take longer to adjust.

Marcos Alvarez is head of insurance for ratings agency DBRS Morningstar. He said policy words can differ from one insurer to another and that they can be interpreted.

It is possible that this could lead to disputes between policyholders and insurers over coverage. This would be similar to the business interruption cases, which were brought to court around the globe since COVID-19.

Cyber terror attacks are a grey area that is generally covered by insurance.

Terror tends to be more defined than war. However, Westlaw defines it as “terrorism.” Thomson Reuters Last week, the company (NYSE:), stated that cyberterrorism can be defined broadly as an attack on a computer network with the “intent to do harm” to further’social, ideology, religious economic or political purposes.

According to Yosha DeLong (global head for cyber policy at Mosaic), cyber policies could cover policyholders “quite extensively” if they are involved in cyber or cyber terrorist attacks.

It’s the clients’ advantage to have ambiguous language on policies, and not the insurers.

Another risk is “silent cybersecurity”, where businesses may have policies that do not explicitly exclude cyberattacks, but they could look to make a claim.

A New Jersey court ruled in January in favour of Merck & Co over a $1.4 billion insurance claim for the 2017 NotPetya cyber attack, which the White House blamed on Russia.

Some cyber insurance companies are looking at broad exclusions to reduce risk. This is according to Meredith (NYSE 🙂 Schnur. She’s a leading U.S. cyber broker Marsh.

CHANGING TACTICS

Analysts at Eurasia suggested that Russia could lose its military capabilities, which would lead to cyberattacks.

After Russia’s promise to reduce military activities around Kyiv, some Russian units that suffered heavy losses were forced to leave and return to their homelands.

Cyber attacks were reported by CyberCube earlier in the month.

Cybercriminals are targeting Russian businesses and government offices, CyberCube reported. Some attacks also reached Belarus, Poland and Lithuania, CyberCube added.

Ransomware attacks, where hackers encrypt victim’s data and then demand ransom money to unlock it, are also putting pressure on cyber insurance premiums.

Coveware cyber security firm compared ransomware attack profits last year of more than 90% to gains Colombian cocaine cartels achieved in 1992.

According to Marsh, cyber insurance rates increased by 130% in America and 92% in Britain during the fourth quarter.

According to industry sources, similar rates of growth are expected this year.

One consultant stated that rate rises are already wildly variable. He gave an example of a British small business that had seen its cyber insurance premium jump to 450,000 Pounds ($590,940.00) after it was 80,000 Pounds.

According to the consultant, “Everyone has seen their prices rise and they are likely to go higher still,” he stated. “Ukraine and Russia are just putting more stress on premiums and availability.”

($1 = 0.7615 pounds)

(Ediitng By Emelia Sithole Matarise