By John Doernberg   
National Director, Cyber Practice

Recent news stories have highlighted high-profile denials of insurance coverage for much of the costs affected companies have incurred. The insurers have argued that the War Exclusion, common in all types of insurance policies, applied to the NotPetya attack because of Russia’s conflict with Ukraine. 

These denials, which are being contested in litigation, have led some publications to question the value of cyber insurance. The cyber insurance sector has responded by noting that the high-profile denials have been under property policies, not cyber policies, and that cyber insurers have routinely paid claims resulting from the NotPetya attack. 

That response has allayed much concern, but it elides an issue that can cause as much coverage havoc in cyber policies as it has in property policies: the scope of the War Exclusion. Well-negotiated cyber policies limit the scope of the War Exclusion to account for – and cover – cyber-attacks involving government actors or support. 

But even among cyber policies, there are important, and potentially decisive, differences in the wording of War Exclusions among different policies. A company can greatly increase the likelihood of coverage under a cyber policy for a ransomware or other malicious attack if it secures favorable wording in the War Exclusion. With the exponential increase in the amount of ransom demanded in recent attacks – now regularly hundreds of thousands or even millions of dollars – seemingly small wording discrepancies can have big impacts.

Gallagher’s cyber specialists are attentive to wording distinctions among cyber policies, and know how to negotiate with insurers for the most favorable terms. Talk to a Gallagher cyber specialist today, and learn how to best protect yourself from many of the losses you would inevitably incur in any ransomware or other cyber extortion attack.