Are Cyber War & Cyber Terrorism Insurable?

Uploaded on 2015-02-25 in GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-Financial

The frequency of cyber war and terrorism is no longer the risk. The magnitude of the potential damages is the real threat.

11de51c3-a3c4-46b5-af96-a61d70cd24ee.jpgIt's conceivable that an enemy of the US government could hack a US energy, water, or fuel distribution system causing loss of life, severe physical damage to property, or insurmountable financial damage to a non-government business. In 2007, the Department of Homeland Security conducted the "Aurora Generator Test" involving the turbine of an electricity generator that burst into smoke in the Idaho National Laboratory, ultimately causing failure of the device. Engineers determined that by simply changing the operating cycle of a power generator remotely via computer, the turbines could set fire, eventually destroying the machine. For a public or private company, the concern is whether a cyberattack on the U.S. government causing ancillary damage is insurable under a cyber liability insurance policy. The answer is not black and white.

Although the government's definitions of cyber war and cyber terrorism are limited in scope to attacks on the US government, the government's definitions are a useful resource in analyzing whether a war and terrorism exclusion would apply to bar coverage to a public or private company under a cyber liability policy.

At a cybersecurity insurance workshop hosted by the Department of Homeland Security's National Protection and Programs Directorate, the majority of attendees believed that "catastrophic" cyber risks that the federal government should be responsible for are currently uninsurable. Before denying coverage under a terrorism and war exclusion, carriers must evaluate, among other things, whether: 1) it's clear that an act of terrorism or war has occurred, and 2) a more specific exclusion addressing cyber terrorism or war is included in the policy. Yes, the United States is able to pinpoint the origination of a cyberattack by a foreign enemy, but will cyber liability insurance cover the risk of loss?

This issue has no simple conclusion given the increased frequency and severity of cyberattacks. Courts are faced with the challenge of interpreting whether a war and a terrorism exclusion limits coverage under a cyber liability policy when a foreign enemy attacks the US government, causing damage to a public or private company. If a company has a cyber liability policy, the prudent course of action is to negotiate the inclusion of cyber war and terrorism coverage to avoid the risk of loss from the secondary physical or financial damage to a public or private company caused by a war or terrorist act on the US government.   jd supra 

« Digital Future: UK Government is preparing for Robot Takeover
Big Money: The US Intelligence Budget »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Eustema

Eustema

Eustema designs and manages ICT solutions for medium and large organizations.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Alpine Cyber Solutions

Alpine Cyber Solutions

Alpine Cyber is a Managed IT Service Provider focused on cybersecurity and cloud services.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

Vortiv

Vortiv

Vortiv Ltd (formerly known as Transaction Solutions International Ltd) is a technology based company focused on the cybersecurity and the cloud services sector.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

Fraud.net

Fraud.net

Fraud.net operates the first end-to-end fraud management and revenue enhancement ecosystem specifically built for digital enterprises and fintechs globally.

DataPatrol

DataPatrol

DataPatrol is a software company, specialized in providing Security and Privacy of company’s data and information in an evolved way.

Endari

Endari

Endari specializes in building cybersecurity maturity within the operational DNA of early-stage startups and SMBs.