Cybersecurity & Data Privacy
I'm sure everyone has heard it before: commentators, pundits, and even members of the 809 Panel have stated that "we are at war!" Most of these claims revolve less around ground combat or air battles than the fact that more countries are investing in and deploying cyber assets to destroy not just the defense networks of other countries, but their economic systems as well. Thus, it stands to reason that some of the cyber threats seen in the wild are not just from random hackers in basements or dark apartments, but from state actors or quasi-state actors operating directly or indirectly at the behest of governments. Further, there are even more hackers working for terrorist organizations criminal enterprises financially connected to terror organizations, or "lone wolf" actors whose motives some would contend to be "terrorist" in nature. This fact runs headlong into a provision contained in many cyber insurance contracts that state the insurer does not have to pay for incidents caused by an "act of war" or "act of terror." It is this very exclusion that is at play in recent a multi-million dollar lawsuit. Specifically, if the insurance company defendant prevails and more insurers attempt to use this exception to avoid paying for damages caused by malware suspected of being tied to state actors or terrorist organizations, cyber insurance could become virtually worthless.