Companies and organizations worldwide that are the target of Russian hackers may not be reimbursed for the damage from their insurer. If they label a cyber attack as an act of war, they don’t have to payout. The line between warfare and crime is often razor-thin.
That is what various cybersecurity experts say to BNR.
Tensions are rising in Eastern Europe
Tensions in Eastern Europe are mounting by the day. Now that President Putin has recognized the Luhansk and Donetsk regions as independent people’s republics and the first sanctions against Russia have been announced, the unrest is likely to intensify in the days and weeks to come.
The various cyberattacks on Ukrainian ministries and financial institutions are also not helping the situation. Security experts suspect that Russian state hackers, led by the secret service GRU, are behind these attacks. The Netherlands has offered its expertise in the field of cybersecurity. On Tuesday, President Zelensky officially accepted our help, although it is still unclear exactly what our cyber experts will do.
Today NRC writes that hackers have tried to shut down Ukrainian websites from a data center in the North Holland town of Wormer. According to the newspaper, a Dutch server played a key role in controlling ‘a network of infected computers. The owner who rented out the server immediately took it offline when he was informed about this by the police.
Insurers: ‘That risk is not with us’
Now that Ukraine has accepted our help, it is not inconceivable that hackers will seize this opportunity to bombard Dutch companies and organizations with cyber attacks. Insurers have been offering insurance for several years now against ransomware and DDoS attacks and other digital threats. Whether the damage will actually be reimbursed by the insurer remains to be seen, experts tell BNR.
“If a virus comes from Russia, is aimed at Ukraine and causes damage in Western Europe, there is a good chance that insurers will say: that risk is not with us,” says Job Kuijpers, CEO of cybersecurity company EYE and former director of cybersecurity at EYE. the General Intelligence and Security Service (AIVD).
According to Kuijpers, entrepreneurs end up in a legal ‘grey area’ if their business is attacked by hackers and insurers claim that an attack is an act of war. It is then very difficult to prove that the attack is not the result of a cyberwar, but a criminal offence. “Sometimes they work for the government, other times they work for themselves. When is there warfare and when is it a purely criminal act?”, Kuijpers wonders aloud.
No compensation for war operations
Other security experts join Kuijpers. Dave Maasland of cybersecurity company ESET sees that insurers do not always pay out if companies and organizations are the targets of hackers. Marie-Louise de Smit of insurance company Aon has the same experience. According to her, insurers often exclude damage resulting from war operations. Tom Rijgersberg of Meijers Assurantiën thinks insurers will include extra clauses in their policy conditions to exclude liability if the number of cyber attacks continues to increase.
Catch up on more articles here
Follow us on Twitter here