CFC’s upgraded cyber war language

CFC is upgrading its war language for all SME policies providing cyber cover. We are introducing new ‘war and cyber war’ language which will replace the existing war exclusion.

Cyber Article 5 min Tue, May 16, 2023

DOWNLOAD THE OVERVIEW DOWNLOAD THE FAQs

CFC is upgrading its war language for all SME policies providing cyber cover. We are introducing new ‘war and cyber war’ language which will replace the existing war exclusion.

The upgraded language brings four key benefits to policyholders:

  • It introduces an explicit definition of ‘cyber war’, providing
    greater clarity
  • It introduces a high threshold for what is considered to be an
    act of cyber war
  • It provides cover for initial incident response support, even in
    the event of cyber war
  • It provides cover for ‘collateral damage’ stemming from
    cyber war

Why are we making these changes?

The nature of warfare has changed considerably, with cyber war
now forming a subset of modern war. Nation states have the
potential to carry out catastrophic cyber attacks against other
nation states, causing major disruption without necessarily
engaging in physical acts of destruction or war.
The traditional war language attached to most insurance policies,
including cyber policies, was originally intended to address physical
acts of war. The language is very broad in its scope, which can
create confusion and ambiguity as to whether or not the exclusion
applies to certain types of cyber attacks. Certain terms could be
interpreted liberally and applied to many different scenarios, which
may ultimately result in reduced cover for our policyholders. We
have therefore taken steps to improve our war language and bring
clarity to policyholders.

How does this benefit policyholders?

Providing clarity by defining cyber war
The previous iteration of the war exclusion did not explicitly define cyber war, creating ambiguity for policyholders as to when a cyber attack would be considered an act of war. Our upgraded war language removes this uncertainty by specifically defining ‘cyber war’ as an attack by one state against another that results in a major detrimental impact on that state’s ability to function or its defence and security capabilities. This creates a high threshold for an act of cyber war where there wasn’t one before. By specifically defining what an act of cyber war looks like, we are creating a high threshold for when an event is considered to be an act of war. This narrows the scope of the war exclusion, removing ambiguity and providing greater clarity to our policyholders.

...removing ambiguity and providing greater clarity to our policyholders.

Providing initial incident response support
One of the main reasons why organizations purchase cyber insurance is to gain access to dedicated cyber incident response teams who can provide technical advice and cyber security support following a cyber
attack. This is particularly important for smaller organizations who may not have these technical capabilities in-house. In recognition of this, we are still providing cover for initial incident response support via our global in-house team, CFC Response. This means that even in the event of an act of cyber war, we will continue to provide technical advice and cyber security support to our policyholders.

Covering ‘collateral damage’
Given how interconnected modern computer systems are, it’s possible that an act of cyber war targeting one state could ultimately impact organizations outside of that state. While not the intended victims, these organizations would be considered collateral damage from an act of cyber war. We want to ensure those unintended victims still have access to cover and that we are not unduly penalizing policyholders who may end up as collateral damage from an act of cyber war.

Addressing the issue of cyber war is an important step in making sure that cyber insurance remains fit-for-purpose and adequately addresses customer needs.

As a market-leading cyber insurer, with over 20 years experience, and trusted by more than 80,000 businesses in 90 countries, CFC is committed to the continued growth and development of the cyber
market.

Addressing the issue of cyber war is an important step in making sure that cyber insurance remains fit-for-purpose and adequately addresses customer needs. By updating our war language, we are removing ambiguity and providing greater clarity to our policyholders.

If you have any questions about the new language in CFC cyber policies, check out the FAQs or reach out to a member of our cyber underwriting team

DOWNLOAD THE OVERVIEW DOWNLOAD THE FAQs

To hear more about the CFC cyber war policy update, catch our upcoming webinar with live Q&A on June 1, 5 PM BST