Ongoing Russia-Ukraine Conflict Increases the Risk of Cyber Attacks

As the Russia-Ukraine conflict goes on, the risk of cyber attacks on financial, industrial, and state targets in Ukraine and its allies increases, according to an analysis from S&P Global Ratings.

The situation highlights the growing need for strong cyber governance and cyber-insurance coverage, according to S&P cyber specialists in "Cyber Threat Grows as Russia-Ukraine Conflict Persists" (May 11, 2022).

Thus far, cyber attacks related to the conflict have been less severe than anticipated, the rating agency noted. There has been some cyber activity, however, including distributed denial-of-service (DDoS) attacks on the Ukrainian defense ministry and two banks, S&P noted.

In assessing the current threat, S&P also cited the 2017 NotPetya attack, which exploited weaknesses in Microsoft's operating system to disable Ukrainian airports, railways, and banks. The attack had a collateral damage effect on major corporations around the world, however, resulting in approximately $10 billion in losses, according to the analysis. Insurers covered about $3 billion of those losses, much of it through "silent cyber" coverage in traditional property-casualty policies, the rating agency said.

S&P experts noted that insurers are taking steps to manage their silent cyber risks and move clients to stand-alone cyber insurance. That effort has been hampered, however, by the mismatch between strong demand for cyber insurance and supply constraints resulting from insurers' caution given their limited history with cyber as an insured risk, according to the analysis. That disconnect has led to the current high prices for cyber insurance, S&P said.