In the present day, modern geopolitical conflicts are increasingly entering cyberspace. Morningstar DBRS says even in moments of ceasefire, cyber warfare can continue beyond the domain of physical warfare.
Despite this risk, the ratings agency notes that the current soft market for cyber insurance is likely to persist unless a major cyber loss materially changes market expectations for future claims. They also say war-related cyber exclusions will be materially tested under the current conflict, as “state-linked cyber operations are materially involved in the Iran war.”
The latest commentary from Morningstar DBRS, entitled Rising Geopolitical Tensions Elevate Cyber Tail Risks, but Market Fundamentals Hold, further notes that the Iran war will lead to a higher incidence of cyber activity in the medium term, likely boosting demand for cyber insurance products. Those seeking such coverage globally, have typically enjoyed lower prices across most regions, helped by low insured losses, tighter terms and increased reinsurance competition and capacity.
“The cyber insurance market features substantial risk sharing, with reinsurers generally assuming a material portion of the overall exposure, reflecting the ongoing uncertainty around loss frequency and severity,” they write, adding that no major systemic cyber loss events occurring since 2023 have been reflected in reinsurance renewals. In the U.S. market they note that conditions have led to rate reductions of approximately 30 per cent.
A key structural vulnerability
That said, cyberattacks persist because of the relatively low associated cost, ease of deployment and challenges in determining attribution. “In our opinion, destructive cyber attacks from state-linked and proxy groups may be the dominant tail scenario going forward,” they add. “Cyber accumulation risk (i.e., the risk that one cyber attack could have a widespread impact) has emerged as a key structural vulnerability for insurers and reinsurers in recent years.” They add that accumulation risk could be materially amplified as tensions increase the likelihood of attacks that are destructive.
“Insurers are scrutinizing war-related exclusions in cyber insurance policies,” they continue, saying insurers have broadened these exclusions to address cyber incidents that are linked to state-backed actors.
“Market-standard exclusion wording has shifted away from debating whether an incident constitutes “war” toward a threshold-based test focused on whether a cyber operation causes a major detrimental impact on a state’s essential services, such as power generation, telecommunications, or financial infrastructure. This threshold‑based approach protects the insurers from general major nationwide losses, while preserving coverage for cyberattacks affecting individual commercial entities. In practice, the application of these exclusions varies significantly,” Morningstar’s researchers add. “In our view, this exclusion wording will be materially tested under the current conflict.”
