Profile picture
Lesley Carhart @hacks4pancakes
, 7 tweets, 1 min read Read on Twitter
The Zurich / Mondelez case is going to have implications for cyber insurance sales and where CISOs spend money. Not only is Zurich’s claim apparently that nation state adversaries can’t be insured against, but it adds the ever tenuous question of attribution to insurance claims.
I mean, they’re not entirely wrong to be wary - if a dedicated state actor wants to compromise your organization, they probably will. That’s not really what happened in the case of NotPetya, though. By design, most of the victims were merely recon-less targets of opportunity...
I can see some really fuzzy semantic space there, even with a clause involving state-sponsored / wartime activities. What if codebase from a state adversary is reused in a commodity attack? Will insurers present their own reversers as expert witnesses?
Whose attribution will the insurer consider correct for the purpose of denying claims? Their own? The United States intel agencies? Commercial firms? The firm the victim hired to help with response and reporting?
Consider the common attribution of the major historic breaches of retail and medical organizations for the last decade - and thusly the implications of this becoming precedent. Very interesting, indeed.
Ah, and yes - there is kinetic legal precedent for this, certainly. The problem is that CTI attribution is a lot fuzzier typically, and there are almost always disputes about it between organizations. False flags and code reuse are a big problem, too.
(Zurich isn’t necessarily in the legal or ethical wrong. Just many questions and potential implications for how victims, insurers, and adversaries will behave in the future.)
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Lesley Carhart
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!