Annmarie Giblin Discusses Challenges for Insurers Signaled by Killnet Cyberattacks
Hinshaw partner Annmarie Giblin discussed with Law360 Insurance Authority how the recent Killnet distributed denial-of-service (DDoS) attacks highlight the challenges many insurance companies may face as they introduce exclusions barring coverage for acts of "cyberwar." Killnet's cyberattacks have targeted American companies, airports, and state government websites.
Giblin addressed the questions these attacks raise regarding state attribution as insurance carriers are defining the perimeters in new "cyberwar" exclusions. "The insurance industry is going to be really focused on how the government is going to react and respond to try and gain some clarity into how to determine where to draw that line" in terms of nation-state attribution, Giblin said. She added that certain actions the government takes in response to a cyberattack may help insurers prove attribution, such as if the U.S. decides to prosecute someone directly related to the Russian state in connection with an attack.
While DDoS attacks are a type of cybercrime generally seen as less likely to be devastating as compared with other cyberthreats—Giblin focused on the what these attacks might signal as opposed to the limited damage they were inflicting. She notes that the situation in Eastern Europe right now is "eerily similar" to the one in Ukraine around 2014 and 2015, when pro-Russian groups started launching small-scale DDoS attacks in connection with Russia's annexation of Crimea and eventually led to the NotPetya attack in 2017.
"It's more about what happens after DDoS attacks, or other attacks that could come out of this, like a ransomware or a more serious takeover system," she said.
"Killnet Attacks Highlight Looming Cyberwar Insurance Issues" was published by Law360 on October 27, 2022.