Will Your Company be Uninsurable in 2023?


As more businesses succumb to a growing number of hostile hacker intrusions, warnings that cyberattacks may become “uninsurable” in 2023 have resurfaced. This is nothing new: the insurance industry has challenged cybersecurity claims in the past. Still, Mario Greco, chief executive of Zurich, one of Europe’s largest insurance companies, says we have to stop thinking that it’s just data being stolen; this is about civilization.

“What if someone takes control of vital parts of our infrastructure…the consequences of that?” he told the Financial Times on December 26. Greco’s statement is dramatic. Nonetheless, he points out that nobody would be safe from a nation-state attack, citing the notorious June 2017 NotPetya attack.

A tipping point

Insurers often refer to the data-destroying malware NotPetya as a tipping point for insurance companies. NotPetya infected hundreds of organizations in dozens of countries, including major multinational companies, causing an estimated $10 billion in global losses. 

In June 2017, when the NotPetya malware first popped up on computers across the world, it didn’t take long for authorities in Ukraine, where the infections began, to blame Russia for the devastating cyberattack. It was a tipping point regarding insuring companies against cybercrime. Why? The war in Ukraine.

Because insurers considered the attack an act of war.

In 2019, Zurich initially denied a $100 million claim from food company Mondelez, which has factories in Ukraine, arising from the notorious NotPetya attack, because the policy carried a century-old exclusion for warlike action. Zurich implied that state-backed cyberattacks are excluded from insurability. Mondelez won on appeal.

Zurich is not the only one! 

So now, Europe’s largest insurance company is reacting. It isn’t the only one. Lloyd’s of London Ltd. will require its insurer groups globally to exclude catastrophic state-backed hacks from stand-alone cyber insurance policies starting this year. As of March 31, when the coverage begins or is renewed, policies must contain “clauses that exclude losses arising from war, declared or otherwise, where the policy doesn’t have a separate war exclusion.” The new requirements represent how the insurance industry approaches cyberattacks.

Is your company insurable?

If a business charges a high premium and adequately addresses the current cyber threats, it can still see a profit.

There are several reasons insurers deny businesses payouts from their cyber insurance claims. Sometimes, it could be because of a naïve error, such as misinterpreting difficult-to-understand insurance jargon. In other cases, businesses may maintain poor cybersecurity hygiene.

Not sure where to start? Cyology Labs is up to date on the developing insurance cyber world. The world is changing, and we are ahead of the change. We can help you understand how to increase your chances of receiving coverage and a payout in the event of an incident under the new rules. To learn more, schedule a no-obligation consultation or visit us at www.CybersecurityMadeEasy.com

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.