The Washington Foreign Law Society
Cyber Insurance Exclusions: What War?
Thursday, April 15th, 2021
from 5:30 to 6:30 PM ET
– This event is jointly organized with the Stimson Center –
The 2017 NotPetya cyberattack cost businesses hundreds of millions of dollars, and the attack is still roiling through insurance markets and some courts. A key issue is under what circumstances state-backed hacks are covered by various kinds of insurance policies or are excluded for being “hostile or warlike acts.” Lloyd’s Market Association is still reviewing alternative industry approaches that can satisfy market needs. Meanwhile, what can/should businesses do in terms of insurance coverage, especially given the difficulties in the classic NMA 464 exclusions, to make sure they have appropriate coverage? How might thresholds be set so that the insurance market itself is sustainable? And might any of these solutions help lead to holding threat actors more accountable?
Join the Washington Foreign Law Society and the Stimson Center in this second in a series of discussions dissecting cyber issues as they relate to current and potential legal accountability: Cyber Accountability – Who did it? Is it wrong? Can they be stopped?
Debra Decker will moderate the program. She is a member of the Board of Governors of the Washington Foreign Law Society and a Senior Advisor at the Stimson Center in Washington, DC, where she works on cyber and nuclear security issues. She has advised on strategy and risk issues for private and public sector clients, including the Federal Bureau of Investigation, the Department of Defense and the Department of Homeland Security. Previously, Ms. Decker was an associate of Harvard’s Belfer Center for Science and International Affairs. Her research has been featured at the World Economic Forum and to Congress. Ms. Decker holds an MBA from the Wharton School of the University of Pennsylvania, an MPA from Harvard University’s Kennedy School, and a B.A. from American University.
Jon Bateman, Fellow in the Cyber Policy Initiative of the Technology and International Affairs Program at the Carnegie Endowment for International Peace, has researched and written extensively on cyber issues including insurance coverage exclusions for cyber incidents. He previously held technology and strategy roles at the U.S. Department of Defense. Mr. Bateman most recently was special assistant to the Chairman of the Joint Chiefs of Staff, General Joseph F. Dunford, Jr. He led strategic analysis within the Chairman’s internal think tank, including assessments of the technology industry, geopolitical competition, arms control, and military education. Previously he served as director for Cyber Strategy Implementation in the Office of the U.S. Secretary of Defense. He developed the first comprehensive policy for military cyber operations and helped to establish a unified Cyber Command. Bateman co-founded the central oversight element for all defense cyber activities, the secretary’s Principal Cyber Advisor Staff. Mr. Bateman was senior intelligence analyst for Iran at the Defense Intelligence Agency. As the agency’s senior expert on Iranian cyber forces, nuclear policy, and political-military leadership, he led a team that produced strategic assessments for the White House and the Pentagon during an era of bilateral upheaval. Mr. Bateman holds a BA from Johns Hopkins University and a JD from Harvard Law School.
Matthew McCabe is a Senior VP with Marsh’s Financial and Professional Liability Practice at Marsh’s New York City headquarters. His current responsibilities include advising clients on emerging cyber security trends and issues and ways in which they can address their unique needs. Prior to joining Marsh, Mr. McCabe served as senior counsel to the U.S. House of Representatives Committee on Homeland Security, where he advised congressional representatives on federal, state, and local policy involving cyber security, data protection, and privacy law. Mr. McCabe also previously served as in the administration of President George W. Bush as a policy director on the Homeland Security Council. Before working in Washington, Mr. McCabe was a litigator at Schulte Roth & Zabel in New York, specializing in securities and accounting fraud, and antitrust cases. In April 2015, Mr. McCabe was named a Senior Fellow for the George Washington University Center for Cyber & Homeland Security. He holds a BA in business administration from Bucknell University and a JD from Hofstra University School of Law.
Below is a list of references mentioned by our speakers during the session:
- Matthew McCabe, Marsh, NotPetya Was Not Cyber “War”: https://www.marsh.com/us/insights/research/notpetya-was-not-cyber-war.html
- Jon Bateman, War, Terrorism, and Catastrophe in Cyber Insurance: Understanding and Reforming Exclusions: https://carnegieendowment.org/2020/10/05/war-terrorism-and-catastrophe-in-cyber-insurance-understanding-and-reforming-exclusions-pub-82819
- The Merck attack: Merck Cyberattack’s $1.3 Billion Question: Was It an Act of War? – Bloomberg
- UK Solicitors Regulation Authority on proposed requirements for inclusion of a cyber incident clause in the minimum terms and conditions of professional indemnity insurance required of law firms: https://www.sra.org.uk/sra/consultations/consultation-listing/pii-cyber/
- HACT Act: https://www.congress.gov/bill/116th-congress/house-bill/4189?r=5&s=1
- Annual Threat Assessment of the US Intelligence Community: https://www.dni.gov/files/ODNI/documents/assessments/ATA-2021-Unclassified-Report.pdf
- UN Open-ended Working Group: https://www.un.org/disarmament/open-ended-working-group/
- Carnegie Endowment Cyber Norms Index and Guidelines: https://carnegieendowment.org/publications/interactive/cybernorms#
- UN Institute for Disarmament Research Cyber Policy Portal: https://unidir.org/cpp/en/