15:47 18.09.2023


The war in Ukraine and systemic cyber exposures present challenges for global insurance market

6 min read
The war in Ukraine and systemic cyber exposures present challenges for global insurance market

Oleg Parashchak, CEO Finance Media, Editor-in-Chief Insurance TOP, Forinsurer & Beinsure Media


The war in Ukraine has created a complex web of risks and geopolitical alliances, with national strategic interests being temporarily put aside to shape direction at the transnational level.

Cyber warfare and the attendant risk of systemic losses have long cast a shadow over the cyber insurance market. The issue has become even more pressing since war broke out in Ukraine, according to Howden’s report.

Systemic cyber exposures present challenges for an insurance market built on underwriting mostly geographically contained and uncorrelated risks, and being guided in the process by historical data to help manage aggregations, estimate potential losses and price policies.

9% of SMEs that purchased cyber insurance said the Russia-Ukraine War was a key trigger for their purchase. Nearly one in 10 SMEs that bought cyber insurance did so as a precaution against the Russia-Ukraine war. The leading factors were increased working from home during the pandemic (27%) and media reports about cyberattacks (26%).

Cyberwarfare has provided just a handful of notable skirmishes in the Russia-Ukraine War. But fears linger that the scale and frequency of digital attacks on financial, industrial, and state targets in Ukraine, and among its allies, could escalate, Oleg Parashchak says.

Whilst there have been no cyber attacks of comparable scale since the invasion of Ukraine, the scope of cyber insurance, and the war exclusions issue specifically, has taken centre stage as carriers look to clarify their positions on cyber warfare and buyers seek reassurance that existing levels of protection will be maintained.

Cyber insurance prices stabilizing in the second half of 2022 and the first half of 2023 has resulted in an improvement for those clients renewing their cyber cover, and really good news in terms of being able to bring new buyers in and grow the market.

For existing customers, the rate increases and coverage restrictions that insurers were imposing when the hard market was in full swing wasn’t sustainable in terms of clients continuing to see the value of the cover. Some things had to change there, which fortunately they have.

Prices were soaring by 150% heading into 2022 but are now ticking up by 10% to 15% on average, according to Marsh. In some cases, reductions ranging from 10% to 25% are being seen. It’s stabilizing to the point where clients can actually budget and plan for the cost of it.

Pricing has also become more predictable. Sudden price changes two weeks before renewal were not unheard of in the past, but now, insurers can have formal discussions three-to-six months out again.

Inconsistent terms and language across cyber (re)insurance policies – and their enforceability in relation to attribution especially but also the circumstances and context of each attack – were concerns that pre-dated the war in Ukraine, and have taken on more weight as the conflict continues and geopolitical tensions escalate elsewhere.

Whilst a carveback for ‘cyber terrorism’ worked its way into many traditional war exclusions, the language is often broader than its originally intended scope, leaving another area for dispute on untested language.

Geopolitics and cyber security are inextricably linked, and whilst attention is focused on Ukraine, it is important to remember that Russia is not the West’s only cyber adversary. China, Iran, North Korea and Venezuela are also hostile to Western interests and are actively seeking to disrupt, exploit and influence to further their goals.

Russian cyber activity aimed at the West has seen no discernible increase, with the exception of countries in close vicinity to the conflict zone, most notably Poland.

Russian cyber activity has undoubtedly been consolidated further during the war, raising the potential for the state to carry out strategic attacks on Western targets, disguised behind the actions of criminal gangs.

According to Global Cyber Insurance Market Review, whilst the high-impact cyber attacks widely predicted in the lead up to the war in Ukraine have not (yet) occurred, the last 18 months have stood out for the marked increase in wiper malware attacks.

The FBI report details more than 800,000 cyber crime-related complaints. With Russian actors less able to shield behind a veneer of plausible deniability, the response threshold appears to be lower. In the past five years, the IC3 received a total of 3.26 million complaints for $27.6 billion in losses.


TOP 5 cyber crime types

  1. Phishing: 300,497 complaints
  2. Personal Data Breach: 58,859 complaints
  3. Non-Payment / Non-Delivery: 51,679 complaints.
  4. Extortion: 39,416 complaints.
  5. Tech Support: 32,538 complaints.

The FBI also outlined various threat overviews in their report. These overviews included business email compromise (BEC), investment scams, ransomware and call center fraud.


TOP 5 sectors affected by ransomware: Healthcare and Public Health, Critical manufacturing, Government facilities, Information Technology and Financial services.


The wiper malware discovered in Ukraine over the last 18 months has had its ability to self-replicate set very low when compared to the Russian-linked NotPetya ransomware in 2017, which started in Ukraine and then wreaked havoc when it spread across the globe.

It is also possible that Russia is focussing its outward cyber efforts on espionage, both to prepare for future attacks and gather intelligence on other countries’ responses to the war.

Pro-Ukraine cyber activity has mostly focused on the release of confidential information and other sensitive material, although hackers based in other former Soviet territories have recently lifted an informal embargo on attacking Russian-speaking companies in protest against Russian aggression, Howden says.

How cyber is deployed in any war depends heavily on the warring factions involved but developments in Ukraine may offer some insights for future conflicts where at least one of the state actors has advanced cyber capabilities, such as China, Israel or the U.S.

According to Beinsure Cyber Security Top Trends, the blending of military and cyber goals is one such area. By focussing some of its conventional warfare efforts into capturing physical cyber infrastructure, such as network cables and data centres, Russia has set the dominance of Ukrainian cyberspace as a clear military goal, something confirmed by the recent Vulkan leaks.