The murky waters of cyber warfare and insurance coverage

Issue 3 2022 Security Services & Risk Management

South Africa has seen a dramatic rise in cyberattacks and successful breaches during the past two years, as well as an accompanying surge in ransom demands.

In the most recent high-profile attack, credit reporting agency TransUnion South Africa revealed that at least three million South Africans have been impacted by a data hack, after the agency was compromised by hacker group N4aughtysecTU.

The proliferation of these types of attacks demonstrate how vulnerable organisations can be to cyberattacks and are forcing organisations to increasingly rely on their cyber insurance policies. At the same time, many insurers are looking to remain viable amid a changing cyber insurance landscape to try to manage their own exposure.

Ryan van de Coolwijk, product head at iTOO’s Cyber Insurance division, says that as cyber insurers are trying to manage their coverage of these incidents, companies must revisit their cyber insurance policies and rethink how they respond to incidents.

Unique cover

In South Africa, state-owned Sasria is the only non-life insurer that provides special risk cover to government entities as well as to all individuals and businesses that own assets in South Africa, as well as government entities. This is unique cover against risks such as civil commotion, public disorder, strikes, riots and terrorism.

However, says Van De Coolwijk, Sasria’s cover only extends to physical incidents of unrest, riots and terrorism, thus excluding any cyberattack that may be classified as cyber terrorism or cyber warfare. “Essentially, this means that any organisation that comes under attack from state-sponsored cybercriminals, in an incident that can be classified as cyber warfare, could find itself without any cover at the present moment.

“These exclusions mean that there is a gap in current cyber insurance coverage, meaning that organisations should bulk up their cybersecurity practices and systems to mitigate their exposure to threats posed by bad actors.”

Cyber warfare is commonly defined as a cyberattack or series of attacks that target a country and has the potential to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life.

Yet, Van De Coolwijk points out, this is a complex issue, as debate continues among cybersecurity experts as to what kind of activity constitutes cyber warfare. The US Department of Defence recognises the threat to national security posed by the malicious use of the internet but does not provide a clear definition of cyber warfare. Others consider cyber warfare to be a cyberattack that can result in death.

No quick fix

“So, the question of what constitutes cyber warfare revolves around a wide spectrum of philosophical, semantic and legal questions, most of which are not likely to be resolved in the near future. Yet, the implications are more practical and immediate. Whether or not an attack that affects the private sector can be classified as cyber war can have a substantial effect on whether the incident is covered by a cyber insurance policy.”

Van De Coolwijk notes that while there are several examples of alleged cyber warfare in recent history – involving a nation-state perpetrating cyberattacks on another – there is still no universal and formal definition for how a cyberattack may constitute an act of war. This is however changing quickly following the outbreak of war in the Ukraine, with standard definitions and exclusions being developed and rolled out.

In recent months though, insurers have tried to reject cyber insurance claims on the grounds that they constitute cyber warfare, but with mixed success. These attempts at exclusion show that cyber insurers are trying to limit their coverage of these incidents.

In light of this evolving landscape, Van De Coolwijk suggests that companies need to ensure that they are aware of changes in the marketplace of cyber insurance coverage by reviewing their existing policy to see what language is included in the war exceptions. Additionally, organisations must check to see whether their insurer has issued any guidance around these exclusions, and they need to also clearly understand any changes to policy terms during ongoing or upcoming negotiations.

“Until such time as there is some universal agreement on what constitutes cyber war, I suggest policyholders check with the brokers and their policy wording to have a clear view on their possible exposure,” says Van De Coolwijk.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Fire safety in South Africa
Technoswitch Fire Detection & Suppression Technews Publishing SMART Security Solutions Editor's Choice Fire & Safety Security Services & Risk Management
Fire safety is sometimes ignored, sometimes relegated to whatever is cheapest, and sometimes treated with the seriousness it deserves, given that it focuses on protecting life and assets. SMART Security Solutions asked Brett Birch, MD of Technoswitch, for some insights into the realities of fire safety in South Africa.

Read more...
A risk-based approach to fire safety
Fire & Safety Security Services & Risk Management Industrial (Industry) Agriculture (Industry)
A report by fire engineering consultancy ASP Fire is challenging blanket assumptions around combustible-core sandwich panels, arguing instead for a rational, risk-based approach that balances fire safety requirements with commercial realities in sectors such as agriculture, manufacturing and industrial processing.

Read more...
Preventing and suppressing lithium fires
SMART Security Solutions Technews Publishing Editor's Choice Fire & Safety Security Services & Risk Management Smart Home Automation
SMART Security Solutions asked Clyde Becker, director of Pyro Brand, for some insight into the mechanics of lithium-ion battery fire risks, especially thermal runaway, and to define a comprehensive, layered approach to fire detection and suppression.

Read more...
Identity recovery matters most
Security Services & Risk Management
As cyberattacks grow more targeted, more destructive, and increasingly aimed at the very fabric of trust within the enterprise, the ability to restore identities has become just as critical as restoring data.

Read more...
ISO 27701 helps demonstrate privacy compliance beyond POPIA
Security Services & Risk Management
ISO 27701 include privacy-specific controls and provides a structured way to manage Personally Identifiable Information (PII) throughout its lifecycle, giving organisations a way to demonstrate how privacy is managed.

Read more...
Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
The risk at the edge of South Africa’s agriculture supply chain
Security Services & Risk Management Agriculture (Industry) Logistics (Industry)
Research from ESET has found that a significant number of South African agritech operators and farmers continue to believe their companies are not attractive targets for cybercriminals. Unfortunately, that belief is precisely what makes them one.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.