The following content can be read in its entirety on bbrown.com | Read Full Story
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of Russian cyberattacks spilling over onto U.S. networks. The advice follows previous CISA warnings on the risks posed by Russian cyberattacks for U.S. critical infrastructure. As the conflict in Ukraine continues to escalate, so too are cyber threats.
The current situation is a reminder of Not Petya in 2017 and the SolarWinds compromise in 2020; both being examples of attacks that were said to have been sourced within Russia that became widespread, impacting a wide range of organizations that did not have a relationship with the originally targeted entities or connected with the conflict between Russia and Ukraine.
U.S. companies and their IT Security teams should anticipate Russian cyberattacks and assess the potential effects on their operations. Companies with operations or suppliers in the region could be impacted, but even companies that have no presence in Ukraine or Russia should watch for indirect impacts, such as Not Petya, and has implications on their suppliers, customers and partners. Like Merck, indirect cyber collateral can be just as devastating as a direct cyberattack.
In addition to the Russia/Ukraine conflict and historical cyber loss experience ensuing from such conflicts, the publication of a court decision allowing $1.4 billion of coverage under an all-risks property policy, which incorporated a War Exclusion, has brought insurability into focus. Lloyds of London has recently released four model War Exclusions with updated language focusing on and providing alternative ways of viewing cyberwar. In addition, they have refined model wording to provide markets with a greater ability to consider ways to deal with some or all of the following… Click to read full story