Recent cyberattacks carried out by pro-Russian hacking group Killnet highlight challenges insurance companies may face as they introduce attribution-related exclusions. In an interview with Law360, Partner Peter Halprin discussed these difficulties.
“The issue of attribution is a thorny one. The U.S. government may not be willing to announce to the world that the Kremlin is behind an attack even if White House officials have good reason to believe that’s the case,” noted Halprin. “We’re trying to protect our clients and make sure that when that bad thing happens, there is coverage, but what happens on a political level is totally divorced from that. The aim of the U.S. government is assessing a cyberattack, not figuring out how it lines up with insurance coverage.”
While Halprin agreed insurers will likely be keeping a close eye on the government’s potential response to cyberattacks, he’s not so sure the Killnet attacks move the needle or change the overall picture for domestic carriers. “I still think it remains to be seen how widely adopted the Lloyd’s [exclusion] language will be, and if it will influence U.S. carriers,” he said.
Halprin expects to see litigation between insurers and policyholders over attribution, with each side potentially conducting their own investigations and calling in their own experts to opine on whether an attack can be attributed to a particular nation state. “The question of attribution will remain regardless of whether governments have made that determination,” he commented.