Since the start of the war in Ukraine, fears of cyber-attacks due to parallel hybrid war are increasing. In this article we explain how the insurance industry is reacting and how the war clause affects conditions.
Is there an increased cyber threat from the war in Ukraine?
Officials like the German BSI are currently assuming an “increased threat level”. However, there is currently no immediate threat to information security in connection with the situation. However, there are already suspicions of individual cyber-attacks in connection with the war. The German wind turbine manufacturer Enercon, for example, was no longer able to carry out remote maintenance on its own systems. The reason for this was a disruption in the satellite network.
How are cyber insurers reacting?
Immediately after the outbreak of the war, our cyber specialists contacted cyber insurers in order to know their reaction. The general feedback was that the situation was being assessed and, especially in the area of critical infrastructure, that decisions will be taken with even more restrictions.
Does the war exclusion clause apply?
Cyber insurances usually have so-called war exclusion clauses, according to which damage caused by war or war-like events are not insured. The classic exclusion of war means that there is generally no coverage in the case of a targeted action by an attacking state using physical force.
If the cyber-attack is originated by so-called state sponsored hacker groups, there is no direct-targeted action by an attacking state, and therefore no war in the sense of the definition. In addition, Russia is at war with Ukraine and not with other countries, a point to be considered when insurance wordings are interpreted. Even if a cyber-attack on a company is directed by a state, this is still no official war action. It is the insurer who must provide evidence that the cyber-attack is originating from a state if he thinks that the exclusion is applicable. It will be very difficult for the insurer, however, to prove such a fact, because hackers usually do not announce that they are acting for a government.
How about the ransom payment?
Ransomware cases are currently the No. 1 cyber threat. Access to data or services is blocked and a ransom is demanded for activation. The ransom payment is generally insurable. If the blackmailers are Russian hacker groups, policyholders must expect that the insurers will not make any payment without a positive sanctions and compliance check. Due to the extensive sanctions against Russia, ransom payments to Russian hacker groups are usually subject to sanctions and insurance payments are therefore contractually and legally prohibited.
Summary
We are currently not observing cyber-attacks in connection with the war in Ukraine that would occur in Austria and Central and Eastern Europe. Cyber insurers still take responsibility for protecting this number one corporate risk. In our opinion, the traditional war exclusion would not apply in the event of an untargeted attack. Ransom payments might be subject to the sanctions and therefore forbidden.
The article is written by Stephan Eberlein.
Related Insights
Update on Insurance in Ukraine: Money Transfers Between Insurers and Reinsurers Possible Again
Good Risk Management focuses on identifying and treating defined risks and should be a continuous and developing process embedded in a company’s HR and wider Benefits strategy.
Latest news from the Russian insurance market 2022/2023
As we reported earlier, after the outbreak of the war in Ukraine Russia and Belarus have been cut off from the Western international insurance markets by regulations put into force by both the European Union and the Russian Federation.
The Price Cap on Russian Oil – Implications on Insurance
Insurers, insurance brokers, shipowners and charterers will now be required to check the price of Russian oil cargoes on board ships they own, charter or insure.

Anita Molitor
Operation Executive
T +43 664 962 40 08