Cyber insurance companies may face more demands for coverage -- and larger losses in payouts -- than normal as the situation in Ukraine grows worse. Not only has Ukraine's infrastructure been hit, but allied/western countries are at greater risk as well. Federal officials in the US have warned US companies repeatedly to be on what is essentially a war footing as it relates to cyber defenses. It is not only Russia itself, but also hacker groups willing to support Russia/defy the west, who pose threats.
In the face of all that, companies that write cyber policies are bracing for a larger claims load than normal.
Why it Matters
What cyber insurers must cover is still a new area of legal thought and has not been thoroughly thrashed out in court (or regulated). There is some precedent that malware attacks, even if they originate from a state actor, may be covered despite an "acts of war" policy exclusion. The scope of such an exclusion and the nuances of other policy clauses will decide whether insured companies or their insurers cover millions, possibly billions, in losses if the cyber aspect of the Russian invasion spreads widely in the west.
All companies in the US would be wise to check and upgrade their cyber defenses immediately: malware and other attacks are crippling and potentially devastating for small businesses.