The Cyber Express

Cybersecurity incidents may soon be ‘uninsurable’

The cyber insurance industry faces fundamental changes as insurers grow reluctant due to the increasing disruption caused by cyber-attacks, notes the CEO of insurer Zurich

by Chandu Gopalakrishnan
December 27, 2022
in Compliance, Features

Cyber-attacks are becoming “uninsurable” due to their increasing disruption, Mario Greco, the CEO of insurer Zurich, told the Financial Times. A closer look at the cyber insurance events that unfolded over the past twelve months shows that Zurich is not the first insurer to take that stand, and certainly not the last.

Insurance executives have been increasingly concerned about risks such as pandemics and climate change, which are expected to push natural catastrophe-related claims past $100 billion for the second year in a row.

However, Greco argued that the bigger risk to watch is cyber-attacks, which have the potential to disrupt vital infrastructure and disrupt society.

Russia, Ukraine, and the cybersecurity landscape

In recent years, rising cyber losses have led insurers to take emergency measures, such as raising prices and altering policies to have clients retain more losses, in order to limit their exposure.

Zurich American Insurance last month settled with Cadbury’s owner Mondelez International over the insurer’s refusal to cover the US-based company’s $100-million-plus loss following the 2017 NotPetya outbreak. German pharmaceutical business Merck in January won a lawsuit the company filed against its insurer, Ace American, which declined to cover the losses caused by the NotPetya ransomware attack.

While Merck was hailed as a landmark case, Mondelez is likely to become the last of the million-dollar cyber insurance lawsuits. In between these two verdicts, a major event happened that changed the landscape of cyber insurance: the Russian invasion of Ukraine.

Merck and NotPetya

Data on more than 40,000 Merck systems was lost as a result of the NotPetya event, which occurred in June 2017 and affected hundreds of businesses worldwide. Merck assessed the loss at $1.4 billion, which included a loss from lost production, expenses for hiring IT specialists, and expenses for purchasing new equipment to replace all impacted systems.

The corporation had a $1.75 billion “all-risk” insurance policy in place at the time, which included software-related data loss incidents. However, insurer Ace American argued that the NotPetya assault was a component of Russian hostilities against Ukraine and, as such, fell under the typical “Acts of War” exclusion provision that is contained in most insurance contracts.

Merck sued Ace American in November 2019, claiming that the Acts of War clause should not apply since the attack was not “an official state action”. The exclusion provision, according to Merck’s legal team, should not apply to their client since it contained language that restricted the Acts of War to legitimate government organisations and did not expressly identify cyber-related incidents.

Wired magazine, which analysed the malware and its path in detail, declared that “the release of NotPetya was an act of cyberwar by almost any definition,” adding fuel to the insurer’s claim.

Judge Thomas J. Walsh of the New Jersey Superior Court ruled on January 13 that Merck’s insurers cannot rely on the war exclusion since its language is intended to apply to armed conflict. Despite a pattern of assaults by nations like Russia against private sector corporations, the ruling observed that insurers didn’t amend the war wording to “put on notice” companies like Merck that cyberattacks wouldn’t be covered.

Meanwhile, in Ukraine

Two months later, Russia invaded Ukraine. In the first global conflict where the internet became a battleground, Russia intensified its long-standing campaign of cyberattacks against Ukraine to unforeseen levels. In retaliation, the West and an army of volunteers boosted the Ukrainian cyberattack capabilities.

Russian state-sponsored threat groups began to target the critical infrastructure of Ukraine’s allies. Take the case of Italy. While cyberattacks were common in that country, their volume was nowhere near that of the US or its European peers Germany and the UK. The numbers spiked after Italy extended its support to Ukraine in the ongoing war against Russia.

“The ever-increasing threat landscape due to the Russia-Ukraine conflict has fundamentally transformed the attack surface due to frequently disclosed vulnerabilities and exposures. Meanwhile, the increasing complexity of tools and techniques adopted by the threat actors has revealed the gaps in the cybersecurity infrastructure of Italian organizations and entities,” said a Cyble advisory about cyber-attacks on Italy.

Italy’s foreign minister disclosed in September that the cyber-attacks on western European companies, and Italy in particular, have risen following the Russian invasion of Ukraine. The statement came after state-sponsored hackers started targeting energy companies in Italy that month.

Attacks mounted, and so did the moves to claim insurance for cyberattacks. Insurers, on the other hand, began preparing to minimise cyber insurance coverage.

Insurance and hospital gowns…

What’s common in insurance and hospital gowns? They never cover you fully! This business joke is a harsh reality when it comes to cyber insurance. In August, Lloyd’s of London announced that all standalone cyber insurance policies underwritten by members of Lloyd’s marketplace from March 2023, “must exclude liability for losses arising from any state-backed cyberattack”.

Cyberattack coverage “if not managed properly… has the potential to expose the market to systemic risks that syndicates could struggle to manage,” the corporate body told its members.

Lloyd’s of London, generally known simply as Lloyd’s, is an insurance and reinsurance market located in London, England. Unlike most of its competitors in the industry, it is not an insurance company; rather, Lloyd’s is a corporate umbrella body of insurers.

Lloyd’s members are spread across 50 leading insurance companies, over 350 registered brokers and a global network of over 4,000 cover holder offices. They pay out close to £60,000 in claims per minute.

On the other hand, the attack surface was growing as global organizations rolled out more applications, wrote more code, hired more remote workers, and connected more physical systems to networks.

Warren Buffett was the first business leader to warn about the potential, big-ticket harm for the insurance industry.

“Cyber is uncharted territory. It’s going to get worse, not better,” he said at the Berkshire Hathaway 2018 Annual Shareholders Meeting. “There’s a very material risk which didn’t exist 10 or 15 years ago and will be much more intense as the years go along.”

Buffett stated that he doesn’t want Berkshire’s insurance operations to have a lot of underwriting exposure to cybersecurity issues. He pointed out that while the corporation has a “pretty good idea” of the likelihood of earthquakes in California and hurricanes in Florida, it does not have one for dangers from computer hacking. No insurance provider can evaluate the risk of cybersecurity-related incidents accurately, he added.

With the unprecedented hike in cyberattacks post COVID, the risk for insurers was becoming larger.

Mondelez and NotPetya

Meanwhile, the Mondelez lawsuit was going on in the US. The global food and confectionery business sued Zurich insurance in 2018 after it refused to cover the NotPetya damages. By then, governments including the US, the UK, Canada, and Australia had issued coordinated statements attributing NotPetya to the Russian government.

“It was perhaps the most extensively and authoritatively attributed cyberattack ever, especially in the context of breaches which often give rise to disagreements about attribution and how definitively it can be performed,” said an analysis of the Mondelez case by The Brookings Institution, a US-based non-profit public policy organization.

However, the general consensus was that most cyber intrusions and breaches are perpetrated by governments, and if all of those are viewed as being beyond the purview of cyber insurance coverage then cyber insurance could become largely useless for many policyholders dealing with a wide range of incidents from espionage to ransomware.

“If Mondelez wins that means insurers will either have to cover a much broader range of cyberattacks or rewrite their coverage to exclude new categories of damages that go beyond warlike actions,” the Brookings report continued.

“On the other hand, if Zurich wins the case, then policyholders may decide that there’s little point in purchasing cyber insurance, forcing insurers to craft new language for their policies to reassure customers that at least some government-sponsored cyberattacks will still be covered.”

Mondelez argued vigorously that its cybersecurity policy covered all sorts of events. NotPetya damaged 1,700 of its servers and 24,000 laptops, leaving staff unable to use systems, applications, and data.

“As a result of the damage caused both to its hardware and operational software systems, MDLZ incurred property damage, commercial supply and distribution disruptions, unfulfilled customer orders, reduced margins, and other covered losses aggregating well in excess of $100,000,000,” according to court documents filed by Mondelez.

Is there no respite?

When insurance businesses started offering cybersecurity coverage, the scale of damage perceived was negligible and the premiums were cheap. NotPetya was an eye-opener, and the Russian invasion gave a taste of what cyberwarfare can cause.

If global cyber insurers follow Lloyd’s nation-state exclusion, governments will have to step in and offer some kind of cyber insurance scheme. There is also the possibility of a mass consumer movement, which might bring changes to insurance policies and cyber attribution.

The US Treasury published a request for comment on questions related to cyber insurance and cyber incidents. “Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency,” said the announcement.

The fact remains that even the governing bodies face huge cyber risks. The Cyber Express found out in November that the Insurance Regulatory Authority of India (IRDAI) faced a ransomware attack, in which crucial data of insurance companies was accessed by threat actors.

It is a given that there will be at least one catastrophic cyber incident that would cause insurance firms to go bankrupt. Perhaps before that, either a government reform or a consumer revolt will happen.

Chandu Gopalakrishnan

Executive Editor, The Cyber Express
