Businesses caught in cyber crossfire of Russia-Ukraine conflict cannot rely on insurance for protection, warns Databarracks

The Russia-Ukraine conflict has seen cyber warfare enter the mainstream, with both sides using hacking tactics.

Businesses not directly involved in the situation should now take steps to enhance their cyber defences and avoid being caught in the crossfire.

Peter Groucutt, co-founder of Databarracks, said: In 2017, NotPetya ransomware was used by Russia to target Ukraine. Although it was aimed at a country, it had a massive impact on companies around the world including WPP, pharmaceutical company Merck, Danish shipping firm Maersk and many others.

“The usual intention of a ransomware attack is profit: it aims to paralyse a business and force it to pay to operate again. This wasn’t the case for NotPetya – its purpose was disruption.

“This is the risk that businesses around the world – unconnected to the conflict – face. They may not be the target of an attack but can easily be caught in the unintended collateral damage.”

Acts of war exclusions

Groucutt warns organisations that they cannot rely on cyber insurance for protection against any losses that might occur as a result of the conflict.

“Cyber insurance excludes acts of war from coverage. Insurers refused to pay out on claims from Merck and Mondelez after NotPetya.

These refusals have been contested and recently, a court in New Jersey ruled in favour of Merck. It found that the exclusion clause applied to armed conflict rather than cyber warfare.

“Since the NotPetya attack, insurers have updated their cyber war exclusion clauses to ensure they don’t pay out on similar attacks.”

To guard against threats, Groucutt urges businesses to act now and take charge of their own cyber preparations.

He added: “The National Cyber Security Centre (NCSC) has good advice for what organisations should be doing to improve security when the cyber threat is heightened.

“Our recommendation is to review your backup and recovery strategy and your Cyber Incident Response Plan. Ransomware will now wait to detonate in order to outlast shorter backup and replication retention policies.

”Make sure you have enough historic versions of your data to restore from, and can quickly recover to minimise your downtime.

“Make sure your backups are isolated and air-gapped, so there is no way an attack could impact both your live systems and your backups.”

Groucutt concluded: “Look at how you would detect an attack and how quickly you can respond to isolate systems. The faster you can react to cyber threats the better, because you limit the damage and make the recovery easier.

”Cyber incidents have rapidly become the leading cause of data loss. From cyber-crime to cyber-warfare, organisations need to adapt quickly to stay resilient in the face of these new threats.”