Cyber Turned Inside-Out: Three Years After NotPetya

June 17, 2020 by Conan Ward

The NotPetya malware attack of June 2017 changed the future of cyber insurance and the way companies manage the risk.

Initially believed to be a ransomware attack, NotPetya instead wiped data from networks of 300 companies, including some of the world’s largest. After an estimated $3 billion in insured losses, largely and disagreeably collected under non-affirmative “Silent Cyber” cover, the industry reacted with slow but vital changes. (Editor’s Note: The $3 billion is a widely reported figure from Property Claims Services.) At the core of these changes are excluding cyber from other lines of business, defining a good cyber policy and transforming the way we assess cyber risk.