Skip to content.

Impact of the Russian Invasion of Ukraine on Cybersecurity in Canada

Observations From Cybersecurity Experts

  • Following the invasion of Ukraine, we have seen significant shifts in organization and approaches taken by cyber-attack perpetrators, both in Russia and around the world.
  • Hacker groups have experienced significant infighting and been plagued by internal political conflict.
  • We have also seen a decrease in attacks involving Western countries, as threat actors appear to be focusing their attention on Ukrainian and Russian targets. However, this downtick is likely only temporary.
  • Hackers will continue to mobilize and attacks are likely to become more varied and sophisticated as the conflict continues.

The Impact of Canada’s Sanctions Program

  • Canada’s Russian sanctions program is likely the most complex and impactful sanctions regime of its kind in our modern history.
  • The recent wave of sanctions has somewhat complicated how companies can best respond to attacks and may make it more difficult to negotiate ransom payments. Once a threat actor or group engaging in ransomware attacks is listed on a sanctions list, Canadian entities cannot do business with them (including by way of a ransom payment).
  • Issues may also arise where an entity contemplates a ransomware payment involving a sanctioned financial institution.
  • The sanctions, while not outright embargos or wholesale bans on trade, investment and services, have been initiated against Russia in coordination with Canadian allies.
  • However, countries are implementing different measures and in different ways, making it challenging for entities to effectively screen threat actors to ensure that they are not sanctioned.

Cyber-insurance Coverage

Act of War Clauses

  • More organizations are turning to their insurers for coverage to help insulate against losses and costs associated with paying ransomware demands.
  • Insurers have made and are likely to continue to make use of “act of war” exclusions to deny coverage related to cyberattacks.
  • Consideration must be given to such exclusions, which create carve-outs in coverage for losses caused by war-related events.
  • The application of such clauses will depend on their wording, the characteristics of the incident and insurers’ ability to prove that an incident can be linked to a foreign government as an act of warfare.

 Effect on Premiums and Underwriting Criteria

  • A rise in claims in recent years has meant a rise in insurance premiums. Cyber insurance rates have recently risen by 130% in United States and 92% in the United Kingdom.
  • Insurers have also started tightening underwriting criteria, enacting additional controls and strict requirements before awarding cyber policies.

Proactive Protections

  • Canadian entities must be organized and proactive in taking steps to protect their networks. A focus on the right technology, knowledge and expertise, set out in a strategic risk management plan, will serve as the best defence against attacks.

 

Authors