The NotPetya malware attack of June 2017 changed the future of cyber insurance and the way companies manage the risk.
Initially believed to be a ransomware attack, NotPetya instead wiped data from networks of 300 companies, including some of the world’s largest. After an estimated $3 billion in insured losses, largely and disagreeably collected under non-affirmative “Silent Cyber” cover, the industry reacted with slow but vital changes. (Editor’s Note: The $3 billion is a widely reported figure from Property Claims Services.) At the core of these changes are excluding cyber from other lines of business, defining a good cyber policy and transforming the way we assess cyber risk.