Cyber Disruption on the Rise: Key Takeaways for Organizations

Last week, a US-based medical device company experienced a cyber incident that prompted precautionary measures across portions of its network while the company assessed the scope and nature of the attack. The attack was claimed by a pro-Iranian hacktivist group and appeared to be part of a broader wave of cyber activity linked to the ongoing conflict with Iran.

Why This Matters

Iran maintains worldwide capability and expertise to conduct cyber operations against Western targets and is likely to continue to use it as a counter to US-led operations.

Events like this reflect a broader shift in the cyber threat landscape. Increasingly, attacks are designed to disrupt operations, not just steal data or deploy ransomware.

Organizations tied to critical infrastructure, the defense ecosystem, technology, healthcare, financial institutions, manufacturing, and logistics face heightened exposure, as operational disruptions can quickly cascade across supply chains.

 

What Organizations Should Consider

  • Review incident response and containment procedures to ensure teams can quickly isolate affected systems.
  • Evaluate third-party and supply-chain dependencies that could amplify operational disruption.
  • Stress-test business continuity plans for cyber-driven outages.
  • Review cyber insurance coverage, including business interruption triggers and policy language addressing disruptive or state-sponsored cyber events.

 

How We Can Help

Our cyber team is closely monitoring developments related to this incident and the broader threat environment. We would be happy to help organizations evaluate cyber insurance coverage, review policy language around business interruption and systemic cyber events, and discuss strategies to better manage operational cyber risk. Below are practical insurance considerations:

  • Review Cyber War Exclusions and attribution risk. Most cyber policies contain a war exclusion, and insurers may attempt to classify any Iran-related attack as state-backed cyber warfare. Review your language to see if the exclusion requires formal governmental attribution and if coverage still exists for non-state proxies or hacktivists.
  • Review Business Interruption Exposure. Given Iran’s focus on disruption rather than data theft, companies should consider how disruption to any portion of their supply chain impacts operations. Review waiting periods, dependent business interruption triggers, and how systems failure coverage works.
  • Consider the potential impact to your property. Some Iranian attacks target industrial control systems (ICS) and could disrupt pipelines, refineries, manufacturing, or other heavy industries, which could result in physical damage. Review current property coverage to see how cyber-triggered physical damage is handled.
  • Know your next step: Have incident response vendors on speed dial and ensure all firms are approved by your insurance carrier.