Q&A
Jon Bateman, Steve Feldstein
{
"authors": [
"Jon Bateman"
],
"type": "legacyinthemedia",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace"
],
"collections": [],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "TIA",
"programs": [
"Technology and International Affairs"
],
"projects": [],
"regions": [
"Iran"
],
"topics": [
"Technology"
]
}
Source: Getty
In The Media
Does Your Cyber Insurance Cover a State-Sponsored Attack?
Modern businesses face a level of cyber risk that vastly exceeds the protections they can rely on from either insurance or government relief. To address this shortfall, business leaders must work with insurers and policymakers to devise practical, long-term solutions.
By Jon Bateman
Published on Oct 30, 2020
Source: Harvard Business Review
In 2017, Merck lost an& eye-popping $1.3 billion when it got caught in the crossfire of a Russian cyberattack targeting Ukraine. The event, later dubbed NotPetya, was the largest cyberattack in history, costing $10 billion worldwide — economic damage akin to a medium-sized hurricane, or a small war. Western governments vowed to hold Russia accountable, yet none stepped forward to support the companies that were hit by the attack.
Insurance was more helpful — to a point. The insurance industry sells policies specifically designed for cyber incidents, but their scope and scale remain limited. Cyber insurance paid for just 3% of NotPetya’s global damage, leading some NotPetya victims to turn to other insurance policies with more ambiguous terms. For example, Merck invoked property and casualty policies that covered all manner of hazards without explicitly mentioning cyber incidents. These policies had so-called “war exclusions,” which barred coverage for damages due to “hostile or warlike actions” by governments or their agents. Many insurers cited these clauses to push back on the claims, triggering high-stakes legal battles that continue to this day.
This article was originally published in the Harvard Business Review.
About the Author
Jon Bateman
Senior Fellow and Co-Director, Technology and International Affairs Program
Jon Bateman is a senior fellow and co-director of the Technology and International Affairs Program at the Carnegie Endowment for International Peace.
- Are All Wars Now Drone Wars?
- The Most Likely Outcomes of Trump’s Order Targeting State AI LawsQ&A
- +1
Jon Bateman, Anton Leicht, Alasdair Phillips-Robins, …
Recent Work
Carnegie India does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie India
- For People, Planet, and Progress: Perspectives from India's AI Impact SummitResearch
This collection of essays by scholars from Carnegie India’s Technology and Society program traces the evolution of the AI summit series and examines India’s framing around the three sutras of people, planet, and progress. Scholars have catalogued and assessed the concrete deliverables that emerged and assessed what the precedent of a Global South country hosting means for the future of the multilateral conversation.
- +3
Nidhi Singh, Tejas Bharadwaj, Shruti Mittal, …
- India’s Press Note 3 Gamble: Opening the FDI Door to ChinaArticle
On March 10, 2026, India’s Union Cabinet approved amendments to Press Note 3, a regulation that mandated government approval on all foreign direct investment (FDI) from countries sharing a land border with India. This amendment raises questions primarily about whether its stated benefits will materialize and if the risks have been adequately weighed. This piece will address the same.
Konark Bhandari
- The Coming of Age of India’s Nuclear TriadCommentary
The induction of INS Aridhaman, which features several technological enhancements, now gives India the third nuclear ballistic missile submarine to ensure continuous at-sea deterrent.
Dinakar Peri
- What Could a Reciprocal Defense Procurement Agreement Do for U.S.-India Ties?Article
India and the United States are close to concluding a Reciprocal Defense Procurement Agreement (RDPA) that will allow firms from the two countries to sell to each other’s defense establishments more easily. While this may not remedy the specific grievances both sides may have regarding larger bilateral issues, an RDPA could restore some momentum, following the trade deal announcement.
Konark Bhandari
- India Signs the Pax Silica—A Counter to Pax Sinica?Commentary
On the last day of the India AI Impact Summit, India signed Pax Silica, a U.S.-led declaration seemingly focused on semiconductors. While India’s accession to the same was not entirely unforeseen, becoming a signatory nation this quickly was not on the cards either.
Konark Bhandari
