The war in the Middle East has brought the threat of cyber attacks back into the spotlight. S&P Global Ratings believes there is a higher risk of serious cyberattacks during or after military operations, as seen in previous geopolitical conflicts. Overall, the conflict in the Middle East highlights the growing interconnection between cyber risk, geopolitics and the insurance sector, reinforcing the importance of clear contractual language, prudent underwriting practices and robust operational safeguards to preserve the resilience of insurance portfolios.
For now, limited impact on portfolios
In its latest report, S&P highlights that cyber risk analysis firms have reported increased activity among threat actors and affiliated hacktivist groups since the start of the war in the Middle East. This includes distributed denial of service (DDoS) attacks, phishing campaigns, and attempts to compromise corporate networks and critical infrastructure.
To date, no large insurance losses related to cyber risks directly attributable to the war in the Middle East have been publicly reported. Most incidents appear to have disrupted services or systems without generating significant insurance losses. However, while the impact of war on insurance companies’ cyber risk portfolios currently appears limited, the situation remains fluid and could further worsen, especially once the armed conflict ends.
Cyber attacks and coverage uncertainties
S&P highlights how geopolitically motivated cyber attacks raise several concerns for insurers and reinsurers, particularly around loss uncertainty, systemic risk and operational exposure.
Cyber insurance policies generally contain clauses that exclude losses resulting from wars between sovereign states. However, attribution of cyber attacks is often complex. It can be difficult to determine whether a cyber attack can be considered an act of war and therefore excluded from insurance coverage. This can lead to coverage uncertainty and litigation following large-scale cyber attacks.
Furthermore, S&P notes, cyber risk is inherently systemic and unique, as attacks can simultaneously affect multiple companies around the world. This creates cumulative risk within reinsurance companies’ cyber portfolios, which can simultaneously trigger multiple insurance claims across different policies or lines of business.
Not only that. The operational activities of reinsurance companies are themselves at risk of cyber attacks, given their reliance on digital infrastructure and the large volumes of sensitive data relating to policyholders and the financial data they manage.
Better prepared insurers: increasing demand for coverage
The main uncertainty concerns the possible escalation of malicious cyber activity towards larger, coordinated and state-linked attacks. Such attacks could seriously challenge underwriting models, increase risk accumulation and trigger litigation over coverage.
In recent years – observes S&P – insurers have progressively refined the formulation of cyber policies, especially in terms of exclusions linked to war and state-sponsored cyber activities, in order to clarify the limits of coverage. At the same time, underwriting frameworks increasingly integrate cyber risk analysis, threat intelligence and geopolitical risk assessments to better understand systemic exposure.
Meanwhile, the protection gap in cyber insurance remains significant, as many businesses remain uninsured or underinsured against cyber risks, despite growing reliance on digital. Increased geopolitical tensions and increased awareness of cyber attacks could further increase demand for cyber coverage. Alongside traditional insurance solutions, alternative risk transfer mechanisms and public-private partnerships could play an important role in gradually reducing this protection gap.
Rating, between diversification and resilience
From a ratings perspective, S&P’s focus remains on insurers’ risk management practices, portfolio diversification and operational resilience. While recent cyberattacks linked to geopolitical tensions have not impacted insurers’ credit profiles, a sustained escalation of malicious cyber activity or a large systemic cyberattack could increase claims volatility and challenge policy interpretation, particularly in cases where attack attribution remains uncertain.
