Impact of the Russian Invasion of Ukraine on Cybersecurity in Canada
Observations From Cybersecurity Experts
- Following the invasion of Ukraine, we have seen significant shifts in organization and approaches taken by cyber-attack perpetrators, both in Russia and around the world.
- Hacker groups have experienced significant infighting and been plagued by internal political conflict.
- We have also seen a decrease in attacks involving Western countries, as threat actors appear to be focusing their attention on Ukrainian and Russian targets. However, this downtick is likely only temporary.
- Hackers will continue to mobilize and attacks are likely to become more varied and sophisticated as the conflict continues.
The Impact of Canada’s Sanctions Program
- Canada’s Russian sanctions program is likely the most complex and impactful sanctions regime of its kind in our modern history.
- The recent wave of sanctions has somewhat complicated how companies can best respond to attacks and may make it more difficult to negotiate ransom payments. Once a threat actor or group engaging in ransomware attacks is listed on a sanctions list, Canadian entities cannot do business with them (including by way of a ransom payment).
- Issues may also arise where an entity contemplates a ransomware payment involving a sanctioned financial institution.
- The sanctions, while not outright embargos or wholesale bans on trade, investment and services, have been initiated against Russia in coordination with Canadian allies.
- However, countries are implementing different measures and in different ways, making it challenging for entities to effectively screen threat actors to ensure that they are not sanctioned.
Cyber-insurance Coverage
Act of War Clauses
- More organizations are turning to their insurers for coverage to help insulate against losses and costs associated with paying ransomware demands.
- Insurers have made and are likely to continue to make use of “act of war” exclusions to deny coverage related to cyberattacks.
- Consideration must be given to such exclusions, which create carve-outs in coverage for losses caused by war-related events.
- The application of such clauses will depend on their wording, the characteristics of the incident and insurers’ ability to prove that an incident can be linked to a foreign government as an act of warfare.
Effect on Premiums and Underwriting Criteria
- A rise in claims in recent years has meant a rise in insurance premiums. Cyber insurance rates have recently risen by 130% in United States and 92% in the United Kingdom.
- Insurers have also started tightening underwriting criteria, enacting additional controls and strict requirements before awarding cyber policies.
Proactive Protections
- Canadian entities must be organized and proactive in taking steps to protect their networks. A focus on the right technology, knowledge and expertise, set out in a strategic risk management plan, will serve as the best defence against attacks.