The war in Ukraine and systemic cyber threats are creating challenges for the global insurance market
Oleg Parashchak, CEO of Finance Media, editor-in-chief of Insurance TOP, Forinsurer and Beinsure Media
The war in Ukraine created a complex web of risks and geopolitical alliances, where national strategic interests were temporarily set aside to determine direction at the transnational level. Cyber warfare and the accompanying risk of systemic losses have long cast a shadow over the cyber insurance market. According to the Howden report, this issue became even more urgent after the start of the war in Ukraine.
Systemic cyber threats create problems for an insurance market built on underwriting mostly geographically limited and uncorrelated risks, making it difficult for insurers to assess potential losses and determine adequate rates.
9% of SMEs that purchased cyber insurance said the Russian-Ukrainian war was a key factor in their purchase. Almost one in ten companies that purchased insurance coverage did so as a precaution against the Russian-Ukrainian war. The leading factors were an increase in working from home during the pandemic (27%) and media reports of cyber attacks (26%).
Although cyber risk lags behind several other key drivers, companies expect insurance payouts if they become victims of a cyber attack for this reason.
Although there has been no major cyber attack since the invasion of Ukraine, the issue of cyber insurance and military risk exclusions has taken center stage as insurers seek to clarify their position on cyber warfare and insurance buyers seek reassurance that existing levels of protection will be preserved.
The stabilization of cyber insurance prices in the second half of 2022 and the first half of 2023 has led to an improvement for those customers renewing their coverage, which is really good news in terms of attracting new buyers and expanding the market.
For existing customers, rate increases and coverage restrictions that insurers introduced when the tight market was in full swing were not critical to customers who continued to see value in insurance protection.
According to the broker Marsh, by 2022 the prices of cyber risk insurance had increased by 150%; now they are increasing by an average of 10-15%. In some cases, there is a decrease of 10% to 25%. Prices are stabilizing to the point where clients can actually budget and plan for this cost.
Underwriting and pricing have also become more predictable. Sudden price changes two weeks before reinsurance contracts come up for renewal in July have not been unheard of in the past, but now insurers can once again hold formal negotiations to change them.
Inconsistencies in the terms and wording of cyber insurance and reinsurance policies, their legal validity, as well as the circumstances and context of each cyber attack, were a concern even before the war in Ukraine and have become more important as the military conflict progresses and geopolitical tensions escalate in other directions.
Although “cyber terrorism” notes have made their way into many traditional military risk exclusions, insurers’ interpretation of the “terms” and “concepts” is often broader than originally defined.
According to the standard wording of the contracts, losses are not covered if they arise 1) directly or indirectly as a result of physical warfare, and/or 2) as a result of a cyber attack carried out as part of a physical war, and/or 3) as a result of a state-sponsored cyber attack that causes a significant detrimental effect on basic services necessary for the functioning of a sovereign state.
One of the key additions to the new war exclusion is the return for clause 3), which restores cover if any collateral damage is caused to assets in countries that were not directly targeted.
Therefore, if the incident extends beyond the target country, within the global network, only losses related to the local failure will be excluded, not wider cross-border losses. This level of clarity and scope of insurance coverage is not found in traditional war exclusions.
The details of the definitions add to the differences from traditional exclusions. War is defined as “armed conflict involving physical force,” while the “significant harmful effect” clause introduces an impact threshold that means the exclusion must only come into play when a country’s ability to “function” is threatened.
Cyber warfare provided only a few notable skirmishes in the Russian-Ukrainian war. But fears remain that the scale and frequency of digital attacks on financial, industrial and government targets in Ukraine and among its allies could increase.
Although the large-scale cyberattacks that were widely predicted in the run-up to the war in Ukraine have yet to occur, the past 18 months have seen a marked increase in the number of wiper malware attacks.
Russian cyber activity directed at the West has not seen a noticeable increase, except in countries near the conflict zone, especially Poland.
Apprehension that untargeted cyber attacks could spread beyond the conflict zone, or even provoke a NATO response if deemed an act of war, has so far restrained Russia’s cyber ambitions.
While the current geopolitical climate has focused attention on state-sponsored attacks, the activities of lower-level criminal groups still pose the greatest threat to Western business.
Of the $10 billion in cyber-related losses reported by the FBI in the US last year, most were caused by criminal groups rather than state-sponsored entities.
The FBI report details more than 800,000 complaints related to cybercrime. Over the past five years, a total of 3.26 million claims were received for damages amounting to $27.6 billion.
TOP-5 types of cybercrime
- Phishing: 300,497 complaints
- Breach of personal data: 58,859 complaints
- Non-payment/non-delivery: 51,679 complaints
- Extortion: 39,416 complaints
- Technical support: 32,538 complaints
The FBI also outlined various threat assessments in its report. These reviews included business email compromise, investment fraud, ransomware and call center fraud.
The top five sectors affected by ransomware include healthcare and public health, critical manufacturing, government agencies, information technology, and financial services.
For example, the wiper malware discovered in Ukraine in recent years has very low self-replication capabilities compared to the Russian-linked NotPetya ransomware in 2017, which emerged in Ukraine and then wreaked havoc across the whole country.
It is also possible that Russia is focusing its external cyber efforts on espionage, both to prepare for future attacks and to gather intelligence about other countries’ reactions to the war.
Pro-Ukrainian cyber activity has mostly focused on leaking classified information and other confidential material, although hackers from other post-Soviet countries recently lifted an unofficial embargo on attacks on Russian-language companies to protest Russian aggression.
How cyber deployment plays out in any war depends largely on the warring factions involved, but developments in Ukraine may offer some insight into future conflicts where at least one of the state “cyber players” has advanced cyber capabilities, such as China, Israel or the USA.
According to Beinsure Media’s report on cyber security trends, the combination of military and cyber targets is one such area. Having focused some of its conventional military efforts on seizing physical cyber infrastructure, such as network cables and data centers, Russia has made dominating Ukrainian cyberspace a clear military objective, as evidenced by recent leaks from the Vulkan declassification.
There is also precedent for governments to impose severe economic sanctions to protect criminals and encourage cybercrime to boost their own economies.
Russian cyber activity was undoubtedly further consolidated during the war, increasing the potential for the state to carry out strategic attacks on Western targets disguised as the actions of criminal groups.
Source: Interfax-Ukraine