Insurers must rethink handling of cyber attacks on states
The writer is a professor at Tufts and author of ‘Cyberinsurance Policy’
The invasion of Ukraine earlier this year drew considerable global attention to the possibility that Russia might combine its physical attacks on the country with cyber attacks aimed at weakening critical infrastructure and information systems. Russia has had limited success, so far, in using such cyber attacks against Ukraine, but that hasn’t stopped those insurance companies that sell cyber-insurance policies from worrying that this could cost them billions of dollars — not only in Ukraine, but also in countries such as the US and the UK, where most cyber-insurance policies are sold.
They have good reason to be worried: Russian cyber attacks have already cost insurers a great deal of money. Russia and its government has been widely blamed for the 2017 NotPetya attack that scrambled data from the computer systems of companies in more than 60 countries. These spanned industries from energy to shipping, forcing many of them to shut down operations for several days. The White House estimated that the NotPetya malware ultimately caused more than $10bn in damage and later referred to it as “the most destructive and costly cyber attack in history”.
This story originally appeared on: Financial Times - Author:Josephine Wolff
