War is known to significantly tax a nation’s infrastructure and, in most cases, can take a serious toll on financial resources for both the private and public sectors. Due to the unpredictable and potentially extensive damage and impacts caused by war, most insurance policies contain an “Acts of War” exclusion. This protection of insurer solvency is of particular importance as it relates to the known direct damage to commercial facilities or personnel that may result from war, but it is far less understood when it comes to the impacts of cyber warfare.
Most war exclusions would deny coverage for company benefits or financial relief under your cyber insurance policy when losses are caused by war-related events. This protection is provided for the insurer but puts companies in a particularly dangerous position when it comes to cyber warfare. Let’s explore these dangers so you can adequately prepare for this exclusion during wartime.
Most policies include coverage for recovery from a cyber incident. In nearly all cases, policies provide insureds with incident response services that include forensics, legal, PR, and possibly notification services in addition to financial compensation for lost revenue, breach fines, or other direct costs incurred when a breach or incident occurs. In most cases, companies rely exclusively upon this insurance for all incident response assistance. So, what happens when your company is attacked during active cyber warfare campaigns and your ability to respond is impaired when your insurance company denies your claim under this exclusion?
The denial of coverage will first result in your company being left to respond without assistance. This means that you will need to procure these response services directly in order to respond to and recover from the attack. This also means that you will bear the costs of the event despite your investments in this insurance product. This is a common scenario for disasters under the “Acts of God” exclusion, which is often offset by FEMA and the US government in times of crisis. Unfortunately, no such agency exists for cyber-attacks. Therefore, it should be expected that you are potentially on your own for the time being.
Let’s think ahead and play this scenario out a bit more. How will you handle a potential supply chain shortage for response and recovery services such as forensics, legal, PR, IT service recovery, etc. if several targets are being hit at once? Anticipate that the FBI, Secret Service, and Department of Homeland Security Critical Infrastructure Protection response personnel will no longer focus on Victim Impact Assessment cases based on costs but will shift their response priorities to critical infrastructure. How will your company be prioritized?
Preparing for a wartime cyber defense transition should include an analysis of your advance directives and preparation for prioritized response in such scenarios. Plan for cases where you will not have access to response assistance from your insurer, personnel from third-party companies, or public agencies.