With cyber threats on the rise, insurance against these risks is becoming increasingly popular. In this way, companies hope to receive support in the forensic processing of a cyber attack and financial compensation for the damage caused. Max Rahner, Sales Director DACH of the industrial cybersecurity provider Claroty, on the new standard clauses for cyber insurance.
Financial compensation for the damage caused by a cyber attack: These hopes could now get a significant damper. The most important industry association for Europe, Lloyds Market Association (LMA), has adopted new standard clauses for cyber insurance and has agreed on a changed approach to the War Exclusion Clause in connection with cybersecurity damage.
Why cyber insurances don't pay
Accordingly, attacks by state actors will in future be understood as an act of war and fall under the war exclusion clause, so that cyber insurance companies no longer have to be liable for such damage. This means that z. For example, companies damaged by the SolarWinds hack might not have insurance coverage, as it is generally assumed that the attackers were acting on behalf of the Russian state. Nevertheless, there are a few hurdles for insurers here. The state-initiated cyber attack must have a "major detrimental impact" on the state attacked. "That would be the case, for example, if the financial system, the water or electricity supply or the health system collapsed as a result of an attack," explains Jürgen Reinhart, head of cyber insurance business at Munich Re, at Spiegel Online.
Lots of attacks on KRITIS
However, attacks on critical infrastructures, such as the water supply in Israel or the power supply in Ukraine, have actually increased in recent times - sometimes with devastating consequences. In addition, as in the case of SolarWinds, companies can also become the collateral damage of a state attack. Companies around the world were affected by the SolarWinds case, even if, strictly speaking, it was an attack by Russian actors on a US company. Due to the internationalization associated with digitization, in my opinion we will no longer be able to say so easily in future that we are not interested in an attack on another country. Especially not in the case of a cyber attack.
Cybersecurity strategy is a prerequisite for insurance coverage
Since companies cannot of course choose by whom they are attacked, this shows how essential it is to carefully secure networks and a comprehensive cybersecurity strategy, especially since insurers already make this a prerequisite for insurance cover and, in the event of a claim, processing it much easier. This applies in particular to those areas that are not yet so much in the mind of the management, especially operating technology and industrial networks. The new IT Security Act 2.0, which explicitly also includes networked technologies beyond IT such as IoT, IIoT or industrial control systems / operating technology (ICS), also aims in this direction. It is high time for all companies to act so that the insured event does not even occur in the first place.
More at Claroty.com
About Claroty Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.