Are Cyber War & Cyber Terrorism Insurable?

Uploaded on 2015-02-25 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-Financial

The frequency of cyber war and terrorism is no longer the risk. The magnitude of the potential damages is the real threat.

11de51c3-a3c4-46b5-af96-a61d70cd24ee.jpgIt's conceivable that an enemy of the US government could hack a US energy, water, or fuel distribution system causing loss of life, severe physical damage to property, or insurmountable financial damage to a non-government business. In 2007, the Department of Homeland Security conducted the "Aurora Generator Test" involving the turbine of an electricity generator that burst into smoke in the Idaho National Laboratory, ultimately causing failure of the device. Engineers determined that by simply changing the operating cycle of a power generator remotely via computer, the turbines could set fire, eventually destroying the machine. For a public or private company, the concern is whether a cyberattack on the U.S. government causing ancillary damage is insurable under a cyber liability insurance policy. The answer is not black and white.

Although the government's definitions of cyber war and cyber terrorism are limited in scope to attacks on the US government, the government's definitions are a useful resource in analyzing whether a war and terrorism exclusion would apply to bar coverage to a public or private company under a cyber liability policy.

At a cybersecurity insurance workshop hosted by the Department of Homeland Security's National Protection and Programs Directorate, the majority of attendees believed that "catastrophic" cyber risks that the federal government should be responsible for are currently uninsurable. Before denying coverage under a terrorism and war exclusion, carriers must evaluate, among other things, whether: 1) it's clear that an act of terrorism or war has occurred, and 2) a more specific exclusion addressing cyber terrorism or war is included in the policy. Yes, the United States is able to pinpoint the origination of a cyberattack by a foreign enemy, but will cyber liability insurance cover the risk of loss?

This issue has no simple conclusion given the increased frequency and severity of cyberattacks. Courts are faced with the challenge of interpreting whether a war and a terrorism exclusion limits coverage under a cyber liability policy when a foreign enemy attacks the US government, causing damage to a public or private company. If a company has a cyber liability policy, the prudent course of action is to negotiate the inclusion of cyber war and terrorism coverage to avoid the risk of loss from the secondary physical or financial damage to a public or private company caused by a war or terrorist act on the US government.   jd supra 

« Digital Future: UK Government is preparing for Robot Takeover
Big Money: The US Intelligence Budget »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

Egis Technology

Egis Technology

Egis specializes in the IC design, research and development, and the testing and sales of capacitive fingerprint sensor.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.