Four years after NotPetya, cyber insurance is still catching up

Experts advise “terrified” insurers to better engage businesses to ensure long-term viability, and they advise businesses to track their policies closely.


Faced with increasing payouts and a likely storm of litigation around the recent SolarWinds and Microsoft Exchange server compromises, cyber insurers are facing an “existential battle” for their future, a leading cybersecurity researcher and privacy consultant has warned. Likewise, businesses are grappling with whether to get cyber insurance, over doubts about payouts if attacked from the conflicted cyber insurance industry.

A growing body of evidence had confirmed cyber insurers faced major payouts in the wake of massive attacks such as 2017’s NotPetya, which caused billions of dollars’ worth of damage and brought many global businesses to their knees.

That attack, which came just 20 years after the world’s first cyber insurance policy was written, proved to be a major touchstone in the evolution of an industry that, one researcher believes, is still “in its early days” when it comes to understanding the full scope of cyber risk exposure.

Cyber insurance’s rocky road and continued uncertainties

“There have been a lot of attacks over the years that have caused insurers to lose sleep,” said John Selby, head of research and training at privacy risk management consultancy Privcore and a researcher at Macquarie University’s Faculty of Business and Economics, during a recent presentation at the recent AISA CyberCon conference.

To continue reading this article register now

7 hot cybersecurity trends (and 2 going cold)