As the situation in Ukraine intensifies, and cyberattacks are being used against banks and other organizations within and outside of Ukraine and Russia, what does this mean for financial institutions going forward and can insurance help?
Several Ukrainian government websites were offline on 23 February as a result of a mass distributed denial of service attack.
It was reported that several Ukrainian government websites were offline on 23 February as a result of a mass distributed denial of service attack and that a number of banks were also impacted. Russia is of course suspected to be involved in this attack; however, this has not been confirmed. There was also a previous report of an attack last week that took down four Ukrainian government websites; Russia further denied responsibility for this attack.
We recently released a client alert, which provides some helpful guidance regarding what should you do. The outcome of a cyberattack can cause significant financial, operational and reputational impacts to financial institutions. While the linked client alert mentions the potential impact on cyberinsurance policies, is there potential for a comprehensive crime policy to also respond?
Comprehensive crime policies are intended to respond to specific events that cause a direct financial loss to the insured. Extortion coverage has been widely available under crime policies for many years.
Over the last decade however, the coverage has expanded to include more cyber-related perils due to the rise of ransomware attacks. As these attacks evolved and became more sophisticated, this led to organizations considering stand-alone cyberinsurance policies as a solution to protect their business and their customers’ data.
It was apparent that there was an overlap between crime and cyber policies, which would need to be addressed. Due to the rise in cyberattacks – and more specifically ransomware attacks – some insurers are looking to exclude cyber extortion cover from crime policies and to signpost coverage, as well as any potential recovery of loss to a cyber policy.
Some insurers are looking to exclude cyber extortion cover from crime policies.
Where coverage remains within a comprehensive crime policy, given the current Russia-Ukraine situation, some consideration should be given to the war and terrorism exclusion. Some of the ransomware attacks that took place prior to this most recent conflict were being conducted by state-backed entities, including some cases perpetrated by Russian state-backed entities. This has brought the war and terrorism exclusion into the limelight. Most, if not all, comprehensive crime policies (and usually cyber policies) have a war and terrorism exclusion. The language can vary from policy to policy and jurisdiction to jurisdiction and, as such, so can its interpretation.
Given the variation between individual policy wordings, it is difficult to determine whether a comprehensive crime policy (or a cyber policy, for that matter) will respond to a cyberattack which either causes a direct financial loss or involves a cyber-extortion event relating to the current Russia-Ukraine situation. Financial institutions should however do their due diligence on their coverage and review their current war and terrorism exclusion under their crime and/or cyber policies.
A few things to consider:
It is likely that insurers will also be taking a closer look at the language, particularly where it is likely that the Russian state is in some way involved.
Talk to a member of the Financial Institutions team, or our Cyber Crime Task Force, which is a dedicated team of experts, to discuss what coverage is available under your insurance policies and programme and how we can assist you in navigating this complex situation as it unfolds.
Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.