@HardenStance I find this unsurprising. I talked about this on   but it warrants a message here too.

Insurance coverage for environmental and asbestos claims followed similar paths in the 70s-90s. Carriers didn’t intend to cover those claims when they wrote the original policies because the risks didn’t really exist (long-tail claims could cover multiple years dating back to the 50s-60s). They didn’t know they would exist, so couldn’t properly assess the risk.

We’re seeing a similar “correction” for ransomware. The nation-state coverage wasn’t exactly intended (as evidenced by litigation over the war exclusion) and now insurers are refocusing their policy language to reduce coverage litigation costs and respond to evolving risk.