The severe conflict between Russia and Ukraine has resulted in high-level cyber attacks and threats of imminent shutdowns reaching the west. Though the invasion of Ukraine by the Russian military escalated over this past weekend, the tension between the two territories has been steadily increasing over the past several weeks. Leading up to the invasion, Russian hackers have been shutting down Ukrainian websites, including important government and bank sites. These sophisticated cyber-attacks have cut off access to crucial resources for the Ukrainian people. Experts are going so far as to name these events the start of a true cyberwar. As more and more countries get involved in the conflict to aid the Ukrainian people, Russia continues to warn of consequences. The clear threat of more cyber hacks now has the potential to hit the US, and businesses are preparing for how to respond in the event that they are targeted.
Officials from the United States Homeland Security have issued warnings that Americans may not be fully prepared for what's to come as a result of the Russia-Ukraine conflict. Early this month and again over the weekend, Russian hackers infiltrated highly secured Ukrainian websites and cut off all access to servers. They have warned U.S citizens that, “Moscow has a large network of government-backed and criminal hackers who in recent years have successfully targeted individuals, businesses, and government agencies”. These hackers have shown multiple times as of late that traditional security measures won’t protect citizens from experiencing a breach. This is of specific concern for business and private sectors lack robust cyber security policies, procedures, and insurance.
The Director of the Cybersecurity and Infrastructure Security Agency said in a recent panel on Russian Aggression that,“Our networks and our critical infrastructure are integrated into a larger global cyber ecosystem, which means that we all need to be ready”. Personally Identifiable Information (PII) is no longer the only concern, though it does remain a critical issue. In today's digital world, everything relies on technology and the cyber ecosystem. Our hospitals, businesses, banks, governments, commerce, and communication are all tied into the cyber structure. A cyber threat is a threat to every aspect of American life.
Back in 2017, during a previous Russian-Ukraine conflict, Russian hackers released malware known as, “NotPetya”, which caused $10 billion dollars in global damage. The malware that first shut down the majority of Ukrainian websites, made its way to the United States. Specifically, it made its way to Mondelez Internation Headquarters in Chicago. Mondelez, the owner of well-known snacks like Oreos and Triscuits, suffered immense losses from the Russian-based cyber hack. Mondelez eventually filed an insurance claim for the damages caused by the malware, but it was denied due to damages caused by war exclusion.
The company lost over $100 million dollars from NotPetya, even though they claimed to have had zero involvement with the Ukrainian- Russian conflict. Zurich, the insuring company, faced raised eyebrows from the press and big businesses on their decision to deny the claim. This event has re-shaped the cyber industry and forced companies and insurers to take a closer look at what their cyber policies actually cover.
Now, the situation the world is facing today with regard to cyber threats is strikingly similar. As other countries declare war, involved and uninvolved participants are likely going to face the repercussions. In the case of the United States, which has now publicly declared an alliance with Ukraine, it could be facing targeted threats by Russian hackers.
The U.S continues to ramp us sanctions for Russia, which could result in Russia lashing back. It’s not entirely certain whether or not Russia will escalate the situation to targeted U.S hacks, but Americans should prepare for the worst. For the most part, everyday citizens don’t need to over-prepare. Things like keeping extra cash on hand, taking safety measures with stocks, and checking any cyber policies they have in place should be enough precaution.
Business and private sector companies, however, should be taking additional steps. Experts are urging companies to double-check their cyber policy and see if they have coverage for war-related events. Research suggests that insurers are including coverage for “cyber terrorism,” but still excluding “hostile actions” and “war”. For these reasons and more, businesses should have a close review of the language on their specific policies, and make plans accordingly for any coverage gaps.
With no true insight into how likely a cyber threat is to the U.S, or how long it would last if it was to occur, companies should have backup plans for the next several weeks. Ramping up internal security measures, having backup access to information that may be critical to business, and adjusting internal procedures to function without full network access is critical. Again, every cyber policy is different. Some may cover the attack itself only, while others may cover lost income due to the attack. Checking your specific policy and planning accordingly is the best way to prepare for a potential threat.
As a general recommendation, change your passwords, use two-factor authentication, and consider using a VPN to hide your IP address. Lastly, make sure all of your software is completely up to date.
Navigating the scope of your insurance policies, especially during vulnerable times, can be extremely challenging. Our team of experts keeps up to date with current cyber trends, threats, policy language, and standard practices. If you have questions or concerns about your cyber insurance, contact one of our team members today. Our brokers and consultations are here to ensure you have the best insurance experience possible.