Security News > 2022 > July > How War Impacts Cyber Insurance
We're now seeing a shift back to traditional risk measurement, with underwriters approaching cyber insurance in a manner similar to physical insurance - by assessing where the biggest risks are and determining whether they should exclude certain risks from coverage, as well as establishing a bar to define what constitutes reasonable care.
By the end of 2020, more than half of cyber insurance policy holders saw the price of their coverage rise by as much as 30 percent, according to GAO. While the current conflict in Ukraine will likely lead to a rise in cyber insurance purchases, the harsh reality is that most coverage will not protect enterprises from nation-state attacks or even ransomware.
Most cyber insurance policies already include clauses to exclude acts of war, and in the aftermath of the current struggle, we'll likely see further refinement of language and an expansion in the number of coverage exclusions as insurers look to hedge their risks.
The first step before buying a cyber insurance policy should be a risk assessment.
Once you have undertaken a thorough risk assessment, established a strong security foundation, and conducted a clear cost-benefit analysis - which requires open communication from the CISO to the CFO and even the board - only then should you consider investing in cyber insurance.
As the Russia-Ukraine war wages on and other nation-states and criminals exploit the chaos, we'll likely continue to see the interest in cyber insurance grow, but I'd wager the companies signing up for policies will be the ones who fail to read the fine print.