Q&A
Jon Bateman, Steve Feldstein
{
"authors": [
"Jon Bateman"
],
"type": "legacyinthemedia",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace"
],
"collections": [],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "TIA",
"programs": [
"Technology and International Affairs"
],
"projects": [],
"regions": [
"Iran"
],
"topics": [
"Technology"
]
}
Source: Getty
In The Media
Does Your Cyber Insurance Cover a State-Sponsored Attack?
Modern businesses face a level of cyber risk that vastly exceeds the protections they can rely on from either insurance or government relief. To address this shortfall, business leaders must work with insurers and policymakers to devise practical, long-term solutions.
By Jon Bateman
Published on Oct 30, 2020
Source: Harvard Business Review
In 2017, Merck lost an& eye-popping $1.3 billion when it got caught in the crossfire of a Russian cyberattack targeting Ukraine. The event, later dubbed NotPetya, was the largest cyberattack in history, costing $10 billion worldwide — economic damage akin to a medium-sized hurricane, or a small war. Western governments vowed to hold Russia accountable, yet none stepped forward to support the companies that were hit by the attack.
Insurance was more helpful — to a point. The insurance industry sells policies specifically designed for cyber incidents, but their scope and scale remain limited. Cyber insurance paid for just 3% of NotPetya’s global damage, leading some NotPetya victims to turn to other insurance policies with more ambiguous terms. For example, Merck invoked property and casualty policies that covered all manner of hazards without explicitly mentioning cyber incidents. These policies had so-called “war exclusions,” which barred coverage for damages due to “hostile or warlike actions” by governments or their agents. Many insurers cited these clauses to push back on the claims, triggering high-stakes legal battles that continue to this day.
This article was originally published in the Harvard Business Review.
About the Author
Jon Bateman
Senior Fellow and Co-Director, Technology and International Affairs Program
Jon Bateman is a senior fellow and co-director of the Technology and International Affairs Program at the Carnegie Endowment for International Peace.
- Are All Wars Now Drone Wars?
- The Most Likely Outcomes of Trump’s Order Targeting State AI LawsQ&A
- +1
Jon Bateman, Anton Leicht, Alasdair Phillips-Robins, …
Recent Work
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie Endowment for International Peace
- Russia’s Elite Conflict Over Internet Restrictions Does Not Herald Regime CollapseCommentary
A much-discussed disagreement over internet restrictions in Russia was never an existential threat for Putin: It was about elite groups protecting their interests.
Alexandra Prokopenko
- Trump’s AI Order Won’t Stymie U.S. Competition with ChinaCommentary
Beijing regulated AI—and then Chinese AI companies took off.
Matt Sheehan
- Are Data Centers the Villains in the Battle Over Electricity?Commentary
Examples from Virginia and Lake Tahoe reveal complex situations that governments could use to fund critical grid upgrades.
Kate Gordon, Noah Gordon
- Beyond the Hype: Assessing Hyperscaler Nuclear Commitments Against U.S. Energy RealitiesPaper
The coming decade will require technology companies to decide how nuclear fits into their energy strategies—and grapple with the obligations that follow.
John Pendleton, Mackenzie Schuessler
- India’s Semiconductor Ecosystem Is Maturing—and ASML Is Taking NoticeCommentary
The ASML MoU with Tata Electronics is an indicator of how far the Indian semiconductor ecosystem has come. This ecosystem has been years in the making and represents real commercial logic.
Konark Bhandari
