There have been a number of lawsuits addressing the issue of whether some cyberattacks should be excluded from cyberinsurance coverage as “acts of war.” Josephine Wolff, author of Cybersecurity Policy, writes:
The invasion of Ukraine earlier this year drew considerable global attention to the possibility that Russia might combine its physical attacks on the country with cyber attacks aimed at weakening critical infrastructure and information systems. Russia has had limited success, so far, in using such cyber attacks against Ukraine, but that hasn’t stopped those insurance companies that sell cyber-insurance policies from worrying that this could cost them billions of dollars — not only in Ukraine, but also in countries such as the US and the UK, where most cyber-insurance policies are sold.
Read more at Financial Times.
An essay excerpted from her book that describes the history of cyberinsurance can be found at Slate.