Cyber insurance premiums likely to increase as Russia continues to wage war

The caution comes amid stories of the risks that cyber warfare may play a key role in Vladimir Putin’s campaign of aggression in eastern Europe. Ukraine has long been the victim of sustained cyberattacks leveraged by groups close to the Kremlin, with news breaking recently of a new data-deletion hack that threatens the security of nations around the world.

Officials in the US have sent out advisory messages through the last month of the danger posed by bad actors linked to Putin’s regime, who may be hitting private industry and critical IT systems providers with malware, ransomware or other viruses designed to bring down vulnerable infrastructures.

While the invasion of Ukraine does not necessarily mean a spike in new cyber claims is inevitable, each claim is different, says Jim Auden, managing director and head of US and P&C Insurance at Fitch Ratings. Auden has now stated that insurance providers should work as though there is little protection to work with.

“To what degree cyber premiums will increase is still too early to tell. We may have more clarity in the coming weeks, though a sharp increase is not out of the realm,” Auden said.

Auden underlined how firms are already taking measures to bolster internal cybersecurity policies and procedures to reduce risk.

Fred Eslami, associate director at credit rating agency, AM Best, has described Russia’s war on Ukraine as potentially the first major conflict in which activists supporting the defending nation are using their hacking skills to disrupt the aggressor’s strategy, through the targeting of official Russian websites, and those of key industry and commerce entities.

Eslami said:

“As for coverage, however, there is something of a grey area as evidenced by the protracted court cases in the NotPetya attack aftermath, so there could be different interpretations if these activists are considered state actors or otherwise.”

Pressure to raise costs and tighten underwriting criteria mounted on cyber insurance providers for many weeks in the run up to Russia’s invasion. Insurers have had to deal with ransomware attack campaigns, as well as online strikes against supply chains through private industry and critical infrastructure providers in North America and throughout other countries.

Annmarie Giblin, a partner at Hinshaw & Culbertson LLP, said:

“Regardless of the crisis in Ukraine, companies of all sizes will likely be seeing higher premiums and stricter underwriting this renewal season.”

Beyond greater cybersecurity risk associated with Covid-19, the war in Ukraine and other risk factors, Giblin explained that there is also a steady evolution in experts’ definition of “reasonable” standards when it comes to defence in cybersecurity risk management programmes.

A spokesperson for the European Insurance and Occupational Pensions Authority, said:

“As attacks on financial institutions increased over time, [now] it is increasingly important that the industry intensively puts its focus on the management of cyber risk.”