Ongoing cyberattacks in the war between Russia and Ukraine will force insurers to tighten rules and raise premiums. This is necessary as polices on “war exclusion” or “hostile act exclusion” becomes old and weak.
The need to enforce stricter rules came after a court ruled in favor of Merck, a pharmaceutical company. The ruling found an insurer liable for losses stemming from the 2017 NotPetya malware attack.
Cyber policies for U.S. P / C insurers typically include “war exclusion” or “hostile act exclusion.”
While Merck claimed to have suffered significant losses of $1.4 billion, the ruling said Merck was entitled to a summary judgment because the war exclusion language was not applicable.
The court ruled that Merck was entitled to assume that the exclusion only applied to traditional forms of warfare because the insurer had failed to change the language of the contract.
The stricter contractual rules and higher premiums are caused by cybersecurity risks arising from COVID-19, the Ukrainian war, and others. However, insurers are also using these rules to change “reasonableness” standards of what an effective cybersecurity risk management program should include.
For more information read the original story in CIO DIVE.
