Q&A
Jon Bateman, Steve Feldstein
{
"authors": [
"Jon Bateman"
],
"type": "legacyinthemedia",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace"
],
"collections": [],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "TIA",
"programs": [
"Technology and International Affairs"
],
"projects": [],
"regions": [
"Iran"
],
"topics": [
"Technology"
]
}
Source: Getty
In The Media
Does Your Cyber Insurance Cover a State-Sponsored Attack?
Modern businesses face a level of cyber risk that vastly exceeds the protections they can rely on from either insurance or government relief. To address this shortfall, business leaders must work with insurers and policymakers to devise practical, long-term solutions.
By Jon Bateman
Published on Oct 30, 2020
Source: Harvard Business Review
In 2017, Merck lost an& eye-popping $1.3 billion when it got caught in the crossfire of a Russian cyberattack targeting Ukraine. The event, later dubbed NotPetya, was the largest cyberattack in history, costing $10 billion worldwide — economic damage akin to a medium-sized hurricane, or a small war. Western governments vowed to hold Russia accountable, yet none stepped forward to support the companies that were hit by the attack.
Insurance was more helpful — to a point. The insurance industry sells policies specifically designed for cyber incidents, but their scope and scale remain limited. Cyber insurance paid for just 3% of NotPetya’s global damage, leading some NotPetya victims to turn to other insurance policies with more ambiguous terms. For example, Merck invoked property and casualty policies that covered all manner of hazards without explicitly mentioning cyber incidents. These policies had so-called “war exclusions,” which barred coverage for damages due to “hostile or warlike actions” by governments or their agents. Many insurers cited these clauses to push back on the claims, triggering high-stakes legal battles that continue to this day.
This article was originally published in the Harvard Business Review.
About the Author
Jon Bateman
Senior Fellow and Co-Director, Technology and International Affairs Program
Jon Bateman is a senior fellow and co-director of the Technology and International Affairs Program at the Carnegie Endowment for International Peace.
- Are All Wars Now Drone Wars?
- The Most Likely Outcomes of Trump’s Order Targeting State AI LawsQ&A
- +1
Jon Bateman, Anton Leicht, Alasdair Phillips-Robins, …
Recent Work
Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie Russia Eurasia Center
- Why Is Belarus’s Approach to Online Censorship So Different From Russia’s?Commentary
For Lukashenko, abandoning Western internet services and embracing Russian equivalents would mean tying himself even closer to Moscow.
Artyom Shraibman
- Who Is Responsible for the Demise of the Russian Internet?Commentary
The Russian state has opted for complete ideological control of the internet and is prepared to bear the associated costs.
Maria Kolomychenko
- Russia Is Meddling for Meddling’s Sake in the Middle EastCommentary
The Russian leadership wants to avoid a dangerous precedent in which it is squeezed out of Iran by the United States and Israel—and left powerless to respond in any meaningful way.
Nikita Smagin
- Is There a Place for Russia in the New Race Back to the Moon?Commentary
Despite having the resources and expertise, the Russian space industry missed the opportunity to offer the United States or China a mutually rewarding partnership in the lunar race.
Georgy Trishkin
- Power, Pathways, and Policy: Grounding Central Asia’s Digital AmbitionsCommentary
Central Asia’s digital ambitions are achievable, but only if policy is aligned with the region’s physical constraints.
Aruzhan Meirkhanova
