[thephyber]

There are currently (or were recently) 2 large lawsuits regarding cyber insurance claims working their way through litigation. If they both go in a certain direction, the concept of cyber insurance may be much less appealing (far fewer claims could be paid out, making the concept relatively expensive for less benefit than many companies anticipated).

Basically, insurance only works when the insured has faith that the insurer will pay and that both parties understand the boundaries of the contract. One of the lawsuits involves the effects of WannaCry, which the insurer claims was a state-sponsored attack. "Acts of War" is one of those common exclusions to insurance policies, so the insurer has an incentive to always claim cyber attacks are nation-state sponsored if the insurer wins that case.

The other case I think is about the difference between a general corporate insurance policy which has some coverage related to fraud and the insurer who claims the insured should have purchased a standalone cyber insurance policy. I think that case partially revolves around "when fraud happens on a computer network, is that a 'hack' or is it traditional fraud?"