Ever since the first stages of the Ukraine invasion by Russia, widespread predictions relating to cyber operations launching parallel to the fighting have highlighted the threat of collateral damage across the entire global corporate sector.
For those in the insurance industry still recovering from the widespread surge in ransomware attacks, Russia’s Ukraine actions have provided a fresh threat in an escalating cyberwar where the US Cybersecurity & Infrastructure Security Agency has pressed organizations into rapidly adopting more secure defences to have their shields up.
As of this moment, cyber threats outside of the conflict zone have been very low against expectation, with most in the insurance and cyber risk communities open about fears of a systematic and catastrophic cyber conflict. Even though the expectation has not been met so far, some have witnessed a lull in cyber attacks over the first few weeks of the conflict.
Cyber insurer Coalition, with a client base concentrated throughout the US and Canada, have disclosed that they have witnessed a downtick in cyber activity directed towards their client base. The result is hypothesised to be the war disrupting hackers operating in both Russia and Ukraine – from general chaos throughout the region to the potential of certain criminals being repurposed or re-tasked towards other activities to support the conflict.
In the longer-term thinking, many companies and analysts have concern over the deteriorating relations between Russia and the West and the resulting step-up in cyber attack activity it will spark.
Analysts have given warning that the conflict raises the risk of worldwide cyber-attacks against more critical infrastructure assets, as well as escalated and increased numbers of cyber attacks on private companies and other organizations. Such a disruptive attack on business and economic structures could represent an uninsurable event.
The greater toll of spillover risks hitting companies highlight even more caution. The example of NotPetya malware in 2017 was widely believed to be a Russian military cyberattack on Ukrainian targets that ended up affecting big companies like Maersk – causing billions of dollars of global damage as a result.
Last week, US President Joe Biden called on renewed efforts of the private sector to lift its defences by citing evolving intelligence on the Russian government exploring the potential to conduct future cyberattacks, causing companies to urgently prepare yet again.
Many suspect that an increase in criminal activity will be on the immediate horizon, as sanctions continue to starve out the Russian economy and extortion becomes their primary tool. Insurers have already been contending with the growing frequency and severity of cyberattacks over the last two years alone, as third-party support services made it much easier for hackers to activate and launch campaigns. This has led to surges in insurance pricing as providers quickly reflect all of the higher risks within their premiums.