Janardhan NWhat if your cyber insurance refused to pay after the biggest attack your business had ever faced?
This is no longer a hypothetical scenario. In March 2023, Lloyd’s of London made it mandatory for all standalone cyber insurance policies to exclude state-backed cyberattacks.
This step was taken to clear the confusion around “silent cyber” risks – where policies leave businesses in the dark about what was covered and what wasn’t.
Fast forward to 2025, and the threat has only grown. We have seen multiple conflicts like Russia–Ukraine, Israel–Iran, and India-Pakistan, and how they have grown beyond the physical borders into cyberspace.
This has impacted industries across logistics, finance, and economies – even in places far from the frontlines.
It has been clear by now that today’s wars don’t just happen on land, sea, or air. They’re fought in the digital realm too and when state-backed actors are involved, businesses everywhere are at risk.
The question is whether your insurance will stand by you or leave you exposed when you need it most. Let’s understand more about war exclusion in cyber policies in this blog.
What Is the War Exclusion in Cyber Insurance?
The war exclusion is a clause in insurance policies that removes coverage for losses caused by war or war-like events. Traditionally, this applied to physical wars involving armies, weapons, and borders.
In cyber insurance, the same idea is now being applied to digital attacks. The concern is that state-sponsored cyberattacks can be massive in scale, almost like acts of war.
Insurers argue they cannot take on risks that could cost billions of dollars across multiple countries.
For businesses, this means if an attack is linked to a government, your insurer may say it falls under the war exclusion. And if that happens, your claim could be denied.
Why Choose Mitigata for Cyber Insurance?
The fine print in cyber policies can make or break your recovery after an attack. At Mitigata, we make sure businesses don’t get caught off guard by hidden clauses like the war exclusion.
Here’s what makes us different:
- Tailored coverage options – From startups to enterprises, we match coverage to your risk profile and industry needs without any surprises.
- 24/7 expert support – We know cyber incidents don’t follow office hours. Hence, we are available around the clock to guide you.
- Fast & hassle-free claims – Once an incident happens, we make sure to streamline the claims process so you get the support and payout without unnecessary delays.
- Full-spectrum protection – From ransomware to state-linked cyberattacks, our policies are designed for today’s evolving threats.
- Partnered with top insurers – We work with leading global insurance providers to secure the best-fit policies for you.
- Best market rates – 500+ businesses have received comprehensive coverage at competitive prices.
Cyber Insurance for Manufacturers Starts at Just ₹49,000/year*
The Gray Zone: Cyber War vs. Cyber Attack
Not every cyberattack is the same. A standard cyberattack could be ransomware from a criminal group trying to make money. A cyber war attack, on the other hand, is launched or backed by a nation-state to disrupt another country’s systems. The problem lies in knowing who is really behind the attack. This is called attribution, one of the important and difficult things in cybersecurity. Hackers often use fake identities, stolen tools, or servers in other countries. By the time investigators start tracing, the trail is already cold.2 Real-world cases:
NotPetya (2017):
What started as an attack on Ukraine spread worldwide fast. Even major companies like Maersk and Merck were severely impacted, losing billions of dollars. However, the insurers refused to pay, calling it an act of war. As a result, this case was moved to court, creating controversial news about whether cyberattacks should be treated like traditional acts of war.WannaCry (2017):
This ransomware created a mess in over 150 nations, shutting down hospitals, rail networks, and companies. It was later found that North Korea was involved. Some victims had insurance but many were unsure if their policies would compensate them for this state-sponsored attack.Microsoft Exchange Breach (2021):
Hackers compromised tens of thousands of organizations globally by taking advantage of vulnerabilities in Microsoft Exchange email servers. The attack was later attributed to groups backed by China. Victims included small businesses, local governments, and large enterprises. The scale of exposure raised questions about whether such state-backed intrusions would be covered under standard cyber policies.Marriott International Data Breach (2018):
Personal data of around 500 million guests was exposed in a breach of Marriott’s reservation system. Investigators linked the incident to a group believed to be working with the Chinese government. The case highlighted how state-sponsored actors don’t just target governments or infrastructure – they go after private companies too, creating uncertainty for insurers and policyholders.Yahoo Attack (2013–2016):
The Yahoo breaches between 2013 and 2016 hit over three billion user accounts, making it one of the biggest data breaches ever. US officials blamed Russian government-backed hackers for this attack. Such high-profile Yahoo cases simply show how state-sponsored cyber campaigns can cause massive damage while running for years. These examples show why the line between “cybercrime” and “cyber war” is blurry. And that blur creates problems for policyholders. If you’re confused about cyber insurance then, you should definitely check these 10 benefits of cyber insurance and why it’s a must-have for modern businesses.Real-Life Implications for Businesses
The war exclusion isn’t just a legal clause. It has very real consequences for businesses of every size.Mitigata's Tailored Cyber Insurance Starts at Just ₹49,000/year*
Here’s what can happen:
Denied claims: You pay premiums for years, then your insurer refuses to cover you when a major attack hits. Merck faced this problem, and smaller companies risk the same outcome.
Massive financial losses: Beyond ransom payments, you face downtime, lost revenue, legal fees, and damaged reputation. Without proper coverage, you may end up paying for everything by yourself.
Supply chain disruption: You don’t need to be the main target to suffer. If a supplier, software vendor, or logistics partner gets attacked, your business can stop completely. NotPetya proved how one weak link can shut down global operations.
Legal battles: When insurers deny claims using war exclusions, businesses often fight back in court. But court battles can take years, cost millions, and create unnecessary stress when companies should focus on recovery.
Insurance That Moves at the Speed of Cyber Threats
From ransomware to phishing, get 24/7 protection, quick payouts, and policies customised for your exact risk profile.
What This Means for Buyers of Cyber Insurance
If you’re buying or renewing a cyber insurance policy, the war exclusion should be top of mind. Many companies sign policies without asking detailed questions, and that can be a costly mistake.
Here are steps buyers should take:
- Read the wording carefully. Not all exclusions are written the same way. Some are broad, excluding any attack linked to a government. Others are narrower, leaving more room for coverage.
- Clarify ransomware coverage. Ransomware is often tied to criminal groups with possible state connections. Ask your insurer if these will still be covered.
- Discuss real scenarios. What happens if your cloud provider is taken offline in an attack? Or if your systems are hit by malware later attributed to a foreign government? Understanding how your insurer responds in these cases is key.
- Negotiate where possible. Large companies sometimes get special endorsements that give them limited protection, even in state-linked cases. Small businesses may not have the same power, but it’s worth asking.
- Strengthen your defenses. Insurance doesn’t replace good cybersecurity. Build multiple layers of protection with monitoring, backups, training, and response planning. This cuts your risk and may lower your premiums too.
Discover the top cyber insurance companies in India and find the perfect coverage for your business with Mitigata.
Conclusion
The war exclusion clause matters when you’re buying cyber insurance. This small detail can cost you big, especially as more cyberattacks link back to government hackers and global conflicts.
Read your policy carefully before signing. Make sure you know what’s covered and what’s not. If you need cyber insurance that actually protects your business, contact us today for the right coverage.
akshit k