4 Ways To Defend The Enterprise From Nation-State Attacks

How to start investing in cyber security and digital emergency preparedness plans



Rebecca Wynn
05/07/2019

For companies, the investment in cyber security and digital emergency preparedness plans is of vastly increased importance going forward, and should at least be on par with preparation for other catastrophic events like fire and extreme weather.

Cyber security strategies need to cover the full spectrum of possible attacks and events that could cause a crippling blow to a company’s operations which includes nation-state and the attacks on infrastructure and/or cloud providers and services. Here’s where to start:

  1. Cyber Insurance: Ransomware is only one potential attack your business faces, but it can be quite costly. Traditional insurance policies often do not cover ransomware damages. Your business can obtain coverage for ransomware attacks, and many other types of cyber-attacks, through a cyber insurance policy.

  2. Update Software: Many insurance policies predicate coverage on the insured taking reasonable steps to ensure cyber security. It was determined that WannaCry took advantage of a vulnerability in a Microsoft operating system. This particular vulnerability was identified months before the attack and Microsoft had issued a patch for it. Some carriers may take the position that this was failure to take reasonable cyber security measures and deny coverage.

  3. Demand Removal of Any Nation-State Exclusions in Your Cyber Policies: Some cyber policies expressly exclude coverage for actions by nation states. As a result, your carrier might argue there is no coverage if it is determined that a country like Russia, China, Iran or North Korea is behind the attack. Additionally, coverage under cyber policies is often broken down into multiple “modules” for various types of claims. You may need coverage for a ransomware attack under various modules. For example, the ransomware module may cover the ransom itself, while the business interruption module may cover the income your business lost as a result of the inability to access data.

  4. Enlist Coverage Counsel to Review Your Company’s Cyber Risk Management Program: It is important for companies to take actions to effectively manage these risks. The types of exclusions and gaps that appear in cyber coverage can be complex and difficult to identify. Enlisting the assistance of experienced coverage counsel to navigate coverage for the ever-evolving cyber security landscape can help ensure your company’s resilience to these attacks.

Read the full “2019 Nation-State Security Trends Report.”