An Israeli security firm recently uncovered a hacking operation that had been active for more than a decade. Over that period, hackers breached government servers, banks and corporations in Germany, Switzerland and Austria by using over 800 phony front companies (which all had the same IP address) to deliver unique malware to victims’ systems. The hackers purchased digital security certificates for each phony company to make the sites appear legitimate to visitors. Data reportedly stolen included studies on biological warfare and nuclear physics, plans for key infrastructure, and bank account and credit card data.
The attack highlights concerns, not only about cybersecurity, but also about the extent to which such breaches are covered by specialty cyber insurance policies. These policies typically are written on a claims-made basis; that is, a policy responds to a claim made during its policy period. However, the policies also restrict coverage to events occurring on or after a “retroactive date.” Given that these types of breaches sometimes result from events stretching over years, even decades, and a breach may not be discovered for years, the retroactive date may limit the available coverage. If coverage for a loss related to a data breach is blocked by a cyber policy’s retroactive date, it may be necessary to look to standard general liability policies for coverage.