Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Lazaro Gamio/Axios

Insurers are pointing to clauses that exempt war-related damage from being covered in order to reject claims related to state-backed cyberattacks, notes a new report from the Carnegie Endowment for International Peace.

Why it matters: This “war exclusion” raises “doubts about whether adequate or reliable coverage exists for state-sponsored cyber incidents,” the report says.

Where it stands: Insurers’ use of this exclusion is currently being litigated, says the report, as a result of claims made after the catastrophic 2017 NotPetya incident, which led to an estimated $10 billion in losses across the globe.

Flashback: The NotPetya virus, which was Russian in origin, was aimed at disrupting and destroying Ukrainian online infrastructure, but soon infected systems worldwide.

The big picture: Some insurers’ “novel use of the war exclusion” in refusing to reimburse companies for nation-state cyberattack-related losses has helped contribute to an unsettled cyber insurance marketplace, says the Carnegie Endowment.

  • “Three years after NotPetya, it is still unclear how insurance can or should cover state-sponsored cyber incidents and other large-scale cyber risk. This fundamental uncertainty continues to inhibit the development of robust, socially beneficial cyber insurance markets,” says the report.

What’s next: The report suggests insurers could craft a new, more tailored "exclusion for cyber catastrophes," as well as a separate exclusion for "cyber losses arising from kinetic war" — that is, cyberattacks that accompany a conventional armed conflict between states.

Go deeper

Bryan Walsh, author of Future
Oct 7, 2020 - Technology

Protecting a smarter electrical grid against cyberattacks

Illustration: Eniola Odetunde/Axios

A smarter, more connected electrical grid is more efficient and more resilient against natural threats — but more vulnerable against cyberattacks.

Why it matters: As electricity shifts to more distributed and intermittent renewable sources, updating the grid has become a necessity. But unless cyber defense keeps pace, digitizing the grid will also open up new points of approach for cyber threats.

Ransomware victims may be penalized for paying up, says Treasury

Illustration: Aïda Amer/Axios

Victims of ransomware attacks who pay criminals to release their data may be held liable for violating U.S. sanctions — even if they don’t know the true identity of their tormentors, advised the Treasury Department in a bulletin last week.

Why it matters: The move could doubly punish the victims of ransomware attacks.

Biden picks Warren allies to lead SEC, CFPB

Photo: Justin Sullivan/Getty Images

President-elect Joe Biden has selected FTC commissioner Rohit Chopra to be the next director of the Consumer Financial Protection Bureau (CFPB) and Obama-era Wall Street regulator Gary Gensler to lead the Securities and Exchange Commission (SEC).

Why it matters: Both picks are progressive allies of Sen. Elizabeth Warren (D-Mass.) and viewed as likely to take aggressive steps to regulate big business.