Are Cyber War & Cyber Terrorism Insurable?

Uploaded on 2015-02-25 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-Financial

The frequency of cyber war and terrorism is no longer the risk. The magnitude of the potential damages is the real threat.

11de51c3-a3c4-46b5-af96-a61d70cd24ee.jpgIt's conceivable that an enemy of the US government could hack a US energy, water, or fuel distribution system causing loss of life, severe physical damage to property, or insurmountable financial damage to a non-government business. In 2007, the Department of Homeland Security conducted the "Aurora Generator Test" involving the turbine of an electricity generator that burst into smoke in the Idaho National Laboratory, ultimately causing failure of the device. Engineers determined that by simply changing the operating cycle of a power generator remotely via computer, the turbines could set fire, eventually destroying the machine. For a public or private company, the concern is whether a cyberattack on the U.S. government causing ancillary damage is insurable under a cyber liability insurance policy. The answer is not black and white.

Although the government's definitions of cyber war and cyber terrorism are limited in scope to attacks on the US government, the government's definitions are a useful resource in analyzing whether a war and terrorism exclusion would apply to bar coverage to a public or private company under a cyber liability policy.

At a cybersecurity insurance workshop hosted by the Department of Homeland Security's National Protection and Programs Directorate, the majority of attendees believed that "catastrophic" cyber risks that the federal government should be responsible for are currently uninsurable. Before denying coverage under a terrorism and war exclusion, carriers must evaluate, among other things, whether: 1) it's clear that an act of terrorism or war has occurred, and 2) a more specific exclusion addressing cyber terrorism or war is included in the policy. Yes, the United States is able to pinpoint the origination of a cyberattack by a foreign enemy, but will cyber liability insurance cover the risk of loss?

This issue has no simple conclusion given the increased frequency and severity of cyberattacks. Courts are faced with the challenge of interpreting whether a war and a terrorism exclusion limits coverage under a cyber liability policy when a foreign enemy attacks the US government, causing damage to a public or private company. If a company has a cyber liability policy, the prudent course of action is to negotiate the inclusion of cyber war and terrorism coverage to avoid the risk of loss from the secondary physical or financial damage to a public or private company caused by a war or terrorist act on the US government.   jd supra 

« Digital Future: UK Government is preparing for Robot Takeover
Big Money: The US Intelligence Budget »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

National Accreditation Agency of Ukraine (NAAU)

National Accreditation Agency of Ukraine (NAAU)

NAAU is the national accreditation body for Ukraine. The directory of members provides details of organisations offering certification services for ISO 27001.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

Persistent Systems

Persistent Systems

Persistent Systems are a trusted Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

Scamnetic

Scamnetic

Scamnetic offer an everyday application that helps consumers detect every type of scam in real time – removing human error from the equation. 

Telcion Communications Group

Telcion Communications Group

Telcion Communications Group provides communication and IT solutions to businesses and organizations throughout California and neighbouring states.