Cyber attacks on businesses and government agencies have increased following Russia President Vladimir Putin’s invasion of Ukraine, with the risk of spill over cyber attacks against non-primary targets becoming much more widespread.
According to Fitch Ratings, heightened risk exists particularly for issuers conducting business in these countries or with their governments, as well as for entities or countries that impose sanctions or deemed to interfere.
An article Russia/Ukraine War Increases Spillover Risks of Global Cyberattacks, by the ratings agency said the potential targets include critical infrastructure such as financial services, governments and utilities.
The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with corresponding significant financial, reputational and legal risks to issuers. Corporate IT teams handled 623m ransomware attacks in 2021, up 105% y-o-y, according to security vendor SonicWall.
The firm reports an 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%). Insurers that focus on cyber resiliency, continual threat assessment and business continuity/disaster recovery while working with industry partners and segmenting their IT infrastructure to reduce cyber risks should be best prepared to mitigate the damage from potential attacks.
Cyber insurance is an important risk management tool. However, increased scrutiny regarding ‘acts of war’ exclusions in policies has led insurers to clarify cyber policy language and address “silent cyber” issues by adopting wording that specifically excludes or affirms coverage of cyber events. Insurers have also incorporated coverage sub limits for cyber insurance, increased premiums, and/or required stronger cyber hygiene for the insured.
Government agencies globally have highlighted increased cyber risk amid the deepening crisis. Earlier this year, the US Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency issued a joint advisory, warning critical infrastructure entities of increased risk of Russian state-sponsored attacks. M