SoylentNews is people

posted by martyb on Monday February 18 2019, @08:36AM
from the GIMO:-Garbage-in-Money-out dept.

Picked via cryptogram, with the original here

...with reliance on all things digital skyrocketing, cyber threats now pose grave, even existential, dangers to corporations as well as the entire digital economy. In response, companies have begun to develop a cyber insurance market, offering corporations a mechanism to manage their exposure to these risks. Yet the prospects for this market now seem uncertain in light of a major court battle. Mondelez International is reportedly suing Zurich Insurance in Illinois state court for refusing to pay its $100 million claim for damages caused by the 2017 NotPetya attack.

Mondelez's claim represents just a fraction of the billions of dollars in collateral damage caused by NotPetya, a destructive, indiscriminate cyberattack of unprecedented scale, widely suspected to have been launched by Russia with the aim of hurting Ukraine and its business partners... According to reports, Zurich apparently rejected Mondelez's claim on the grounds that NotPetya was an act of war and, therefore, excluded from coverage under its policy agreement. If the question of whether and how war risk exemptions apply is left to the courts to decide on a case-by-case basis, this creates a profound source of uncertainty for policyholders about the coverage they obtain.
Many hurdles stand in the way of insurance providing a more robust solution. Data on cyber risks are scarce, and the threat is evolving constantly, often rendering data obsolete before they can be used. That means actuaries lack a credible repository of information to accurately price cyber risk. Moreover, NotPetya and other attacks with cascading effects have reinforced fears of aggregation risk, meaning the potential for a single incident to cause simultaneous losses across multiple policyholders. If Zurich had underwritten even a handful of the major corporations disrupted by the attack, it could have faced catastrophic losses from just one incident. This is a particularly acute concern for reinsurers—companies that provide stop-loss coverage, or protection against unsustainably costly claims, to other insurers—making both reinsurers and primary cyber insurance providers naturally hesitant to support more extensive cyber underwriting. The lack of adequate reinsurance backing means that carriers may become overwhelmed with claims if a systemic cyber incident causes simultaneous losses across many policyholders.

  • (Score: 2) by Hyperturtle on Monday February 18 2019, @03:55PM (1 child)

    Ding! I'd come into the comments to write the same thing if someone didn't beat me to it.

    Act of War, Act of God--these terms can broadly include a whole lot of exclusions when there is no agreed-upon definition of what constitutes digital warfare and how to prove it, or when the accepted 100-year flood plains are suddenly experiencing floods every 5 years and no one wants to be responsible to revise them for any reason, because it means more payouts no matter what happens. It used to be so much easier to simply take people's money with a low chance of payout.

    Now because Cloud (in the sky or on the line), I expect that there'll be as many excuses as they can get away with before some sort of onerous regulation is required when self-policing only yields repeatedly getting out of jail for free for the insurance companies.

    (If it could somehow be blamed on squirrels, everything would get paid, I am sure...)

  • (Score: 2) by All Your Lawn Are Belong To Us on Monday February 18 2019, @04:12PM

    Actually, the most clever act on the part of insurance companies is how they got acts of terrorism blanketly defined as acts of war. I'm not fully sure if I agree with it, but this article was interesting reading. The point is that while War has historically been reserved for state actors working against other entities (states, nations, etc.), this also gives an out because if terrorism is an act of war instead of a crime then all it takes is having terror motivations behind hacking to give the insurance company an out.

    In this case if it really is a state actor doing the damage we as a society have allowed it as a defense by blindly accepting terms like "cyberwarfare" to become part of the lexicon without challenge. And not entirely without justification and, as usual, the U.S. certainly has virtual cyber-blood on its hands as well (Stuxnet... anyone want to defend that its deployment was *not* an act of war by a state actor? Just one that is still deniable. Even if it worked out well for the U.S. and Israel?)

    And yes, it shows that "cyber insurance" isn't worth it, because we're worried about the end product of the threat and not the cause. (Not entirely unlike floods being disallowed from homeowners' policies).

    This sig for rent.