At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Is Your Cyber Insurance Going To Cover “Cyber War”?

    Cyber Insurance Won't Cover Cyber War

    With the lines increasingly blurred between whether a cyber attack is “state sponsored” or just a malicious group of individuals, we’re likely going to see more denials of claims.

    We recently wrote about how the U.S. Government was warning critical infrastructure organizations against Russian State-Sponsored attacks. We’ve also covered how Ukraine is under cyberattack by a cybercriminal group thought to be sponsored by the Russian government. Whether a cyberattack is a clear-cut case of a foreign government meddling in our affairs, or includes some “dotted lines” between attacker and government backer, cyber insurers may leverage this as a means to not pay an insurance claim.

    That’s not to say they’re bad people at the insurance company; it’s just that their policies usually include verbiage that excludes from coverage any “hostile or warlike action from any nation-state or their agency.” And if your organization agrees to the policy, you’re agreeing that should a nation-state be behind an attack, your cyber insurance policy isn’t worth the proverbial paper it’s (not actually) printed on.

    We saw this in the courts back with NotPetya – insurer Zurich would cover the $100 million claim by Mondelez, and insurer Hiscox wouldn’t cover DLA Piper’s claim in the millions. This blog post has a link to a WSJ article with current court cases related to this 

    We believe the place for cyber insurance is for very specific cyberattack scenarios – ones where your organization has carefully identified a gap in your strategy where an insurance policy is a compensating control as a last resort.

    One such gap we commonly see is securing the user. You have the perimeter, email systems, endpoints, the network, and more all protected with security solutions. And yet phishing emails still make their way to the Inbox.

    You need to include the user – via Security Awareness Training – in your security stance. Just like you can spot a fake email a mile away, users that undergo continual training learn to do the same, helping to reduce the threat surface – and, therefore, the likelihood that an attack will be successful.

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top