Cyberattacks from Russia

Cyberattacks from Russia could be set to cause more disputes between businesses and insurers following the Zurich-Mondelez case.

A report from GlobalData says that 9% of SMEs in the UK that purchased cyber insurance in 2022 said the Russia-Ukraine conflict was a key trigger for their purchase.

According to the company, nearly one in 10 SMEs that bought cyber insurance in 2022 did so as a precaution against the Russia-Ukraine conflict.

While it ranked behind several other key factors, businesses that cited this factor will certainly expect to be paid out if they are victims of a cyberattack for this reason.

The leading factors were increased working from home during the pandemic (27%) and media reports about cyberattacks (26%).

It is critical that insurers are very clear over what is and is not covered, as a stream of high-profile cyber legal cases would be very damaging for the industry – especially following the recent business interruption cases arising from the pandemic.

Such cases would risk increasing the view that insurers look to get out of paying claims, which will make retaining customers even harder than it is already due to the cost-of-living crisis.

Zurich and Mondelez International (owner of Cadbury) agreed a settlement of $100m following a legal dispute over whether Zurich could avoid paying out a cyber claim over a war exclusion. The cyberattack attributed to Russia took place in 2017, after the annexation of Crimea in 2014.

Zurich had denied claims from Mondelez on the grounds that the NotPetya attack, which initially targeted Ukrainian organizations, had been a state-sponsored attack by Russia and therefore fell under its act of war exemptions.

Firms such as Mondelez were considered to have taken collateral damage as the malware spread beyond its initial targets, with Mondelez claiming to have incurred $100 million of damages after having 24,000 laptops and 1,700 servers wiped out on its network.

by Nataly Kramer