Webinar Recap: Cyber Risk in Wartime – Threat Intelligence, Risk Modeling, and Insurance Strategy

Cyber Risk in Wartime: What Leaders Need to Know Now

As geopolitical tensions rise, cyber risk is no longer a theoretical concern; it’s a board-level issue demanding immediate attention. In our recent webinar, leaders from Axio, Dragos, and Lockton came together to unpack how wartime dynamics are reshaping cyber threats, operational risk, and insurance coverage, and what organizations can do about it.

Download the Recording Here

The Evolving Threat Landscape

Mark Stacey, VP of Risk and Resilience at Dragos, opened the discussion with a clear message: while cyber risk has always existed, adversary capability is accelerating, which is especially true during times of geopolitical conflict.

Dragos focuses on operational technology (OT), where digital attacks can create real-world, physical consequences. Recent conflicts have shown that cyber activity often accompanies cyber-kinetic attacks with retaliatory and opportunistic campaigns targeting internet-facing systems, legacy assets, and critical infrastructure.

Key threat trends include:

• Increased exploitation of remote access and legacy systems
• Sophisticated phishing campaigns aimed at engineers and operators (not executives)
• Custom “wiper” malware designed to disrupt industrial control systems
• A surge in hacktivism and indiscriminate attacks during global conflicts

Industries that are at the highest risk include Energy, Oil and Gas, Water and Wastewater, Manufacturing, Food and Beverage, Chemicals, and Logistics. Importantly, Mark emphasized that Dragos avoids attribution to specific nation-states, instead focusing on observable behaviors, tactics, and capabilities.

Despite the seriousness of these threats, Stacey emphasized an encouraging takeaway: defense is doable. Organizations that focus on the basics – visibility, detection, and resilience – are often successful even against well-resourced adversaries.

Making Cyber Risk Real Through Quantification

Scott Kannry, Co-Founder and CEO of Axio, built on that foundation by addressing a familiar scenario: the call from a CEO or board member asking, “What would happen to us if we were attacked?”

Cyber Risk Quantification (CRQ) helps organizations answer that question by translating cyber events into business and financial impact. Rather than abstract risk scores, CRQ breaks down how attacks affect operations, revenue, safety, and recovery.

Kannry shared three real-world-inspired scenarios:

• Food & Beverage: Manipulated product labeling leads to consumer harm, recalls, regulatory fines, and legal claims, with losses ranging from hundreds of thousands to over $100 million.
• Water Utilities: Compromised SCADA systems force shutdowns and boil-water advisories, driving remediation and regulatory costs.
• Energy: A cyber incident in a refinery’s safety system triggers a precautionary shutdown, resulting in billions of dollars in lost production.

Scott underscored that isn’t just the headline loss number; it’s understanding where losses come from and which scenarios deserve the most attention. That clarity enables better prioritization, targeted controls, and smarter resilience planning.

The Insurance Question: Will Cyber Policies Respond?

The “million-dollar question,” addressed by Chuck Jainchill, U.S. Cyber & Technology Product Leader at Lockton, centered on cyber insurance, and specifically, war exclusions.

Cyber insurance policies include war exclusions because war is considered a systemic risk that private insurers cannot absorb at scale. However, Jainchill emphasized a critical point: a cyber incident occurring during a war does not automatically trigger a war exclusion.

Key takeaways include:

• War exclusions are narrowly interpreted and difficult to invoke
• Attribution, intent, and connection to the war effort matter
• Hacktivism and opportunistic criminal attacks are typically not excluded
• Each claim is highly fact-specific

He also cautioned that many cyber policies exclude physical damage and infrastructure failures, meaning some cyber-driven losses may fall outside traditional cyber coverage and require coordination with property, casualty, or specialty insurance policies.

What Boards Often Misunderstand

In a closing “speed round,” each speaker highlighted a common board-level misconception:

• Mark, Threat Intelligence: Boards often over-focus on IT while revenue depends on OT.
• Scott, Risk Modeling: The event may be familiar, but the impact is often misunderstood.
• Chuck, Insurance: Cyber insurance remains essential, even though some systemic risks will always be uninsurable.

Clarity Before Consequences

The unifying theme of the discussion was simple but powerful: clarity before consequences. Organizations that understand how cyber events could realistically impact their operations, finances, and coverage are far better positioned to respond and recover.

In an era where cyber risk and geopolitical risk are increasingly intertwined, resilience starts with understanding what could happen, how it would unfold, and what you can do today to prepare. That’s why Axio is offering complimentary CRQ Insights Reports to help organizations understand their cyber risk exposure in the context of wartime threat activity.

A CRQ Insights Report translates your specific operational environment into quantified loss scenarios, giving leadership the clarity they need to act.

What we need from you:

• Name of your organization
• URL for your organization’s website

What You’ll Receive:

• Quantified loss scenarios tailored to your sector
• Attack path plausibility analysis
• Insurance coverage alignment insights

CONTACT US today!