In Ukraine, a cyberattack can mean a freezing night without power. But in the United States, it often seems like just one more unavoidable hassle of modern life. People change a few passwords, maybe sign up for credit monitoring, and then go on with life. But for the organizations on the receiving end—Target, Equifax, the federal government’s Office of Personnel Management, just to name a few—a cyberattack can mean scrambling to get systems back on line, setting up response war rooms, and, of course, paying huge bills for missed orders or new equipment.
And US businesses may no longer be able to rely on insurance to cover their losses. In an era of unceasing cyberattacks, including cases of state-sponsored hacking, insurance companies are beginning to re-interpret an old line in their contracts known as the “war exclusion.” Stripping away the metaphorical connotation of the term “cyberwarfare,” big insurers like Zurich Insurance have decided that state-sponsored attacks are basically just plain warfare. This shift comes as the US government is increasingly attributing state-sponsored cyberattacks to their alleged perpetrators, a development that some argue is a means of holding bad actors accountable.
But the policy certainly doesn’t seem to be doing any favors to the private sector.
(Score: 5, Informative) by JoeMerchant on Monday April 29 2019, @02:44PM
Insurers Balk At Paying... full stop. Keeping premiums low and profits high, that's most of their job.
Cyberattacks are new, different, weird, and the expenses attributed to them can be more wildly inflated than a pain and suffering claim. Of course they're going to push back.
Look for specifically worded "cyber-riders" to start appearing, just like coastal flooding, windstorm, and anything else that has the potential to cost the industry tens of billions per event. Insurance isn't good at handling broad-scale simultaneous failure, it's much better at individual events like car crashes and simple traditional robberies.
🌻🌻 [google.com]