Rising geopolitical instability is prompting businesses to take out – or strengthen – cyber insurance policies as the escalating Iran conflict fuels fears of disruptive cyberattacks.
Companies fear they could be caught in the crossfire or even targeted directly.
Insurance law firm Kennedys warned insurers may face several types of losses simultaneously – from supply chain disruption as well as cyberattacks.
US banks are already on high alert following warnings they could face disruptive distributed denial-of-service (DDoS) attacks.
As a result “cyber insurance is viewed as the commercial product most likely to see rising demand,” said GlobalData insurance analyst Charlie Hutcherson, “as businesses anticipate a higher probability of disruptive cyber events alongside physical disruption.”
Some 27.4 per cent of respondents to a recent GlobalData survey ranked cyber insurance as “a more immediate pressure point than several traditional geopolitical covers” that companies take out to protect their operations, GlobalData reports.
These include insurance against political risk (25 per cent), supply chain interruption (23.8 per cent), and business interruption (13.1 per cent) – all of which have become immediate problems as fears of disruption in the Strait of Hormuz send markets spiralling.
“While underwriters are already reassessing exposures tied to shipping and energy corridors such as the Strait of Hormuz,” Hutcherson said, “the bigger shift is that companies are planning for conflict spillover into Western markets through cyber activity.”
That shift could shock an industry that last year saw cyber insurance as a major growth opportunity – with around $353 million ($US250 million) of new capital earmarked for cyber insurance underwriting as premiums fell by 11 per cent despite surging attacks.
These dynamics saw cyber insurers start 2026 expecting big things, with one Marsh survey of 2,200 cyber risk leaders in 20 countries finding that three-quarters expected to increase their cybersecurity spending this year – and insurers expected to benefit.
In January Luke Foord-Kelcey, global head of cyber with Howden Re, flagged “plentiful capacity and strong reinsurer appetite” to buy cyber security risk, predicting that the glut could drive “favourable terms and greater structural flexibility” for policies.
Businesses caught in shadow cyber war
Businesses were targeted by cyber attacks even before the first bombs fell, with security firms reporting that the ‘Muddy Water’ group, from Iran’s Ministry of Intelligence and Security (MOIS), had been infiltrating banks and other firms since early February.
A parallel cyber war has ensued – with Iranian government-linked cyber groups hacking Israeli security cameras to help target their missiles, and Israel claiming to have destroyed the cyber operations of the Iranian Revolutionary Guard Corps (IRGC).
IRGC has also been linked to election interference and sanctions-evading cyber thefts – tactics similar to those used by North Korea.
According to blockchain analytics firm Chainalysis, the organisation and its proxies accounted for more than half of the cryptocurrency value received by Iranians in the fourth quarter.
Companies considered ‘high risk’ – those using three or more technologies “historically targeted by Iranian cyber threat actors” such as Muddy Water, APT 33 and Fox Kitten – are likely to need the most support from insurers, according to a CyberCube analysis of 975 companies.
The analysis found 12 per cent of ‘high risk’ US-based firms with revenues above $1.4 billion ($US1 billion) – across banking, finance, energy, utilities, oil and gas, healthcare, telecommunications and the public sector – should be approached for “targeted security improvements.”
IRGC’s role could complicate insurance claims
The Iranian government’s active involvement in war-related cyber crime could complicate insurance claims. Many cyber insurance policies include wartime or ‘force majeure’ exclusions.
Companies must “carefully consider” such exclusions “and how these risks will be managed” when buying cyber insurance, the Australian Government Solicitor advised last year, offering a matrix to help buyers weigh their ICT related cyber risk.
“It is important to distinguish between activity that may align with state interests and activity that is merely conducted by Iranian actors without formal sanction,” noted CyberCube director of cyber threat intelligence services William Altman.
Yet Australian companies may find it tricky to make this distinction in the absence of detailed forensic analysis, with attribution of specific attacks often difficult and insurers likely to lean heavily on policy exclusions given the dynamics of the current conflict.
“The warning of potential Iranian cyber attacks is particularly worrying even for those businesses who carry comprehensive cyber insurance,” noted Aaron Le Marquer, head of policyholder disputes at law firm Stewarts.
“Exactly how a policyholder is to establish whether an attack is in fact state-backed remains to be seen in practice, with various different mechanisms proposed but not yet tested.”
“Add to that a myriad of different exclusion wordings in the market (with 48 approved Lloyd’s versions at last count), and it is easy to see a chaotic coverage picture emerging in the event of widespread attacks.”
