As cyber threats continue to escalate in frequency and complexity, the world has witnessed the rise of cyber warfare. In response to this evolving landscape, the insurance industry has adapted its policies to address the unique challenges posed by cyber incidents. Juliusz Małyszko explained about War and Cyber Operation Exclusion in cyber insurance at Colonnade.


In the modern age of interconnected systems and digital dependency, the concept of warfare has extended beyond traditional battlefields to encompass the virtual realm. As cyber threats continue to escalate in frequency and complexity, the world has witnessed the rise of cyber warfare—a new frontier where nations and adversaries engage in conflict through hacking, espionage, and digital disruption. In response to this evolving landscape and escalation of situation in Ukraine, the insurance industry has adapted its policies to address the unique challenges posed by cyber incidents.

Traditional warfare, characterized by kinetic actions, has been augmented by a more insidious form of aggression—cyber-attacks that can cripple infrastructure, steal sensitive information, and disrupt essential services, all without the use of physical force. From nation-states to criminal syndicates, threat actors exploit vulnerabilities in digital systems to achieve political, economic, or strategic goals.

Observing the current situation, we want to adapt Colonnade’s protection offer for cyber risks to the new realities. We are looking at the cases of reported claims, and the solutions used in Western European markets.

A traditional war exclusion has been used in the case of Merck, a pharmaceutical firm hit by a NotPetya cyber-attack. It was claimed under an all-risks policy and while the insurer declined pointing to their war exclusion, during the appeal process Merck has won their case, due to the exclusion not being precise enough.

As we observe the growing tension in Ukraine and rising number of cyber-attacks, we need to improve our approach to impactful cyber operations that are part of a war, to better manage expectations of our insured and our own exposure.

We looked at solutions prepared by Lloyd’s Market Association for use in their market, as well as solutions prepared by MunichRe and decided that we need to mix those two to fit our needs. As such, we have decided that we need to decidedly exclude all and any losses arising from war or cyber operation. We have also forgone attributing the cyber operation by ourselves and instead pointed to governments or respected European/International bodies (like NATO, UN, ENISA, etc.). This was done for clarity to insured as to how we will be applying the exclusion.

While it is natural for our clients and associates to be hesitant of any new exclusions and look towards certainty of coverage, our intention with this exclusion is to only cover highly impactful events and aggregated losses. Any smaller events concerning a single company would only be subject to general terms and conditions and the scopes and exclusions presented there.