Cyber Update

Dear Partners,

Below are several recent cyber-related developments that we believe are particularly relevant from both a risk and insurance perspective.

📌A recent U.S. court decision, Perry v. Obsidian Specialty Insurance Company, addressed a key cyber insurance coverage issue-

whether a series of losses should be treated as one event or multiple events for the purpose of applying the policy limit.

According to reports, the case arose after Perry Builders and Cyber Inc. suffered losses following an initial database / cloud-related failure that led to broader disruption, including damage to electronic records, invoices and business data.

The court viewed that initial failure as the originating cause of the subsequent losses and therefore treated the matter as a single event, rather than multiple separate incidents.

This is an important reminder that, in cyber policies, the wording around event, occurrence, related acts and aggregation can be critical.

The way these provisions are drafted may significantly affect how limits, retentions and loss allocation apply at claim stage.

📌In parallel, Namibia Airports Company disclosed a cyber incident involving unauthorized access and data exfiltration, while the INC Ransom group publicly claimed responsibility and threatened to leak stolen data. The case is notable because it involves airport infrastructure and demonstrates again how cyber events in transport and operational environments may have both data and business continuity implications.

📌We are also seeing indications of a new ransomware brand, ALP-001, attempting to establish itself by listing large-name victims such as Ingersoll Rand and Hikvision.

Even at an early stage, this serves as a reminder that the ransomware ecosystem remains dynamic and that new groups continue to emerge and compete for visibility.

📌Another development with broader security implications came from France, where a Strava activity reportedly allowed journalists to track the aircraft carrier Charles de Gaulle in near real time.

While not a classic cyberattack, it is a strong example of operational security exposure created by connected apps, location sharing and personal devices.

For organizations, this is a useful reminder that cyber risk often extends beyond malware and network intrusion, and may also arise from digital hygiene failures, metadata leakage and human behavior.

📌On the vulnerability front, a critical Microsoft SharePoint Server flaw has been reported as actively exploited, requiring urgent remediation.

For insureds and prospects operating on-premises SharePoint environments, patch discipline, asset visibility and timely remediation remain especially important.

📌Finally, authorities announced the disruption of several major IoT botnets linked to large-scale DDoS activity. This is a timely reminder that insecure connected devices continue to create meaningful aggregation and service disruption exposure, particularly for organizations dependent on uptime, internet-facing services or third-party infrastructure.

Beyond the individual incidents themselves, there is also a broader underwriting takeaway.

Taken together, these developments are a useful reminder that compliance does not always equal resilience.

Formal frameworks, certifications and documented procedures are important, but in practice the real differentiator is often whether an insured can actually respond under pressure:

make decisions with incomplete information, prioritize between simultaneous issues, escalate at the right stage and maintain operational continuity in reality, not only on paper.

For brokers, this is increasingly relevant at placement stage.

Beyond policy wording and baseline controls, the quality of a cyber risk is also shaped by the insured’s real-world incident readiness, business continuity assumptions and management’s ability to operate through disruption.