The War Exclusion Clause in the Cyber Domain

By Partick L. Espeland, CPA, Director of Implementations

The Russian invasion of Ukraine and the resulting strict worldwide sanctions against Russia have resulted in cybersecurity risk being higher than ever. They have significantly impacted insurance policy forms worldwide associated with cyber liability coverage. Cyber insurance carriers have been thrust into a new age of cyber risk, with insurance coverage potentially paying for losses that were not envisioned in the past.

While war exclusions have long been in existence, the conflict between Russia and Ukraine has brought cyberspace as a military domain to the fore. The military objectives relative to this domain are now fundamentally the same as in the other military domains of land, sea, air, and space. This critical change in warfare will significantly change circumstances that directly apply to the war exclusion. 

Recently, a US court decided that the war exclusion did not apply in a case between Merck and ACE American Insurance. In that case, Merck was a victim of the NotPetya malware purportedly introduced against Ukraine by groups affiliated with the Russian military. Still, because the war exclusion in the policy did not clearly include cyberattacks, Merck “had every right to anticipate that the exclusion applied only to traditional forms of warfare.”

As a direct result of the situation in Ukraine and recent rulings, many insurance carriers either have or are planning new wording in cyber insurance policies to avoid disputes over what is covered. These changes will continue to evolve as cyber insurers and policyholders better understand these new risks and respond to the need for coverage. Still, those changes require more than just a change in wording. 

As part of ongoing services to clients, the XDimensional Technologies team has been working to implement these types of form changes as immediately as they are presented to a customer’s underwriting team. A form may be conditionally applied to risks with specific characteristics and exposures in minutes. This may include geographic, demographic, or a unique combination of exposures.

We have also been advising our clients to implement underwriting rules in their system to prevent automatic binding, modify premium algorithms and create simple notifications to underwriters for policy review to address real-time changes to an insurance program.

Situations like this showcase the importance of having a flexible, modern policy admin system to ensure you can react to policy changes and automate the appropriate workflows and communications.

Patrick Espeland is the Director of Insurance Solutions Implementations for XDimensional Technologies. In this role, Patrick is responsible for the success of customer implementations. Joining XDimensional in 2005, Patrick is a CPA and has over 15 years of agency management system experience and over 25 years of experience in accounting, forensic accounting, and management. 

Related News