Cyberattacks on businesses and government agencies have increased following the Russian invasion of Ukraine
Cyberattacks on businesses and government agencies have increased following the Russian invasion of Ukraine, with the risk of spillover cyberattacks against non-primary targets becoming much more widespread.
Heightened risk exists particularly for firms conducting business in these countries or with their governments, as well as for entities or countries that impose sanctions or deemed to interfere, says Fitch Ratings.
Potential targets include critical infrastructure such as financial services, governments and utilities. The 2017 NotPetya attack is an example of a cyberattack that underscores the spillover risk to entities outside of Ukraine.
That attack initially targeted Ukrainian government and financial entities but ultimately affected computer systems across the globe, costing billions of dollars in damages.
The current conflict amplifies the broader trend of increased volume, size and sophistication of attacks, with corresponding significant financial, reputational and legal risks to issuers.
Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% YoY, according to security vendor SonicWall. The firm reports an 1,885% increase in attacks on government targets, healthcare (755%), education (152%) and retail (21%).
Cyber insurance is key risk management tool. However, increased scrutiny regarding “acts of war” exclusions in policies has led insurers to clarify cyber policy language and address “silent cyber” issues by adopting wording that specifically excludes or affirms coverage of cyber events.
Insurers have also incorporated coverage sublimits for cyber insurance, increased premiums, and/or required stronger cyber hygiene for the insured.