Cyber insurance is the crucial risk-management tool as cyberattacks on businesses and government agencies – and the likelihood of spillover attacks against non-primary targets – increase following the Russian invasion of Ukraine, Fitch says.

Potential targets include critical infrastructure such as financial services and utilities, and the conflict has amplified an existing trend of more frequent, larger and more sophisticated attacks, the ratings agency says, posing significant financial, reputational and legal risks.

It notes government agencies globally have highlighted increased cyber risk amid the deepening crisis.

“This is a fluid situation that Fitch is closely monitoring,” it said.

Fitch says cyber insurance is key while also noting increased scrutiny regarding acts of war exclusions in policies has led insurers to clarify cyber policy language and address "silent cyber" issues by adopting wording that specifically either excludes, or affirms, coverage of cyber events.

“Insurers have also incorporated coverage sub-limits for cyber insurance, increased premiums, and/or required stronger cyber hygiene for the insured,” it said.

Along with appropriate insurance, it recommends continual threat assessment and segmenting IT infrastructure, and says ratings may be affected by sustained payment interruption, changes in access to funding, and lasting effects on a franchise or reputation.

“While Fitch views an increase in cyber-attacks as a credit negative, every incident will be evaluated within the context of each issuer's credit profile,” it says.

Fitch cites figures from security vendor SonicWall showing ransomware attacks jumped 105% to 623 million, featuring attacks on government, healthcare, education and retail.

Fitch also says the 2017 NotPetya attack is an example of spillover risk as it initially targeted Ukrainian entities but ultimately affected computer systems across the globe, costing billions.