
Underwriting cyber in an age of geopolitical uncertainty: who has what where?
By KYND
Amid rising tensions, shifting alliances, and the growing use of sanctions and tariffs as political tools, today’s geopolitical landscape is defined by uncertainty — and its ripple effects are increasingly digital. Wars, sanctions, and trade tariffs are no longer just geopolitical flashpoints; they’re catalysts for cyber threats that can ripple across borders and industries. For cyber insurance underwriters, this evolving landscape raises urgent questions — not about if these events will impact their portfolios, but how deeply and how fast.
What was once background noise may now become a direct influence on how insurers assess and price cyber risk. Rising geopolitical tensions, expanding sanctions, and escalating trade wars are converging to create a uniquely volatile environment for cyber insurers. These forces don’t operate in isolation — they amplify one another, turning location into a critical underwriting variable.
For example, new tariffs targeting technology providers in certain regions may force businesses to shift data or services at short notice, increasing the risk of misconfigurations, downtime, or weakened security controls. As digital infrastructure becomes entangled in international disputes, insurers must understand where their insureds’ digital assets are hosted, operated, or dependent, because in today’s landscape, geography can define exposure.
Recent geopolitical developments have underscored how quickly cyber risk can escalate in response to international tensions. Sanctions, tariffs, and shifting alliances don’t just disrupt economies; they create fertile ground for cyber threats that ripple through industries, supply chains, and critical infrastructure. These risks aren’t always clearly attributable or contained, making them especially difficult for insurers to anticipate, model, or price with confidence.
Case study: Unknown operations in a sanctioned country
One recent case we worked on with an insurance partner illustrates this reality. Although it wasn’t flagged during the insurers’ firmographic checks, KYND’s technographic discovery identified digital assets and operations linked to a sanctioned country — Iran.
Further investigation uncovered that the company was operating live websites in Iran to sell its products online, although hosting services for this were based in the US and France. Additionally, the certificates for these domains were self-signed, meaning they lacked authentication from a publicly trusted certificate authority. This created several additional security risks, including:
Man-in-the-Middle Attacks (MITM): Without a trusted certificate authority, attackers could intercept and manipulate communications between users and the website, putting sensitive data at risk.
Phishing and spoofing risks: Self-signed certificates make it easier for cybercriminals to impersonate the website, tricking users into providing personal or financial information.
Weakened encryption: Without validation from a trusted authority, encryption can be compromised, making data transmissions more vulnerable to interception.
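The self-signed finding described above can be checked mechanically across an inventory of discovered hosts. The following is an added example, not KYND's tooling or code from the original article; it assumes the third-party Python `cryptography` package and EC keys, and every hostname, CA name and certificate in it is constructed.

```python
# Requires the third-party "cryptography" package; hosts and certs are constructed.
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject_cn, subject_key, issuer_cn, issuer_key):
    """Constructed test certificate for subject_cn, signed by issuer_key."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .sign(issuer_key, hashes.SHA256())
    )

def is_self_signed(cert):
    """Issuer equals subject AND the signature verifies under the cert's own key (EC only)."""
    if cert.issuer != cert.subject:
        return False
    try:
        cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                 ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def sample_inventory():
    """Hostname -> certificate map; every host and certificate is constructed."""
    ca, shop, www, mail = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    return {
        "shop.example.test": make_cert("shop.example.test", shop, "shop.example.test", shop),
        "www.example.test": make_cert("www.example.test", www, "Constructed Test CA", ca),
        # Same issuer and subject name, but signed by another key: not self-signed.
        "mail.example.test": make_cert("mail.example.test", mail, "mail.example.test", ca),
    }

def flag_self_signed(inventory):
    """Return the hostnames whose certificate is self-signed, sorted for reporting."""
    return sorted(host for host, cert in inventory.items() if is_self_signed(cert))
```

Comparing issuer and subject names alone would misclassify the third host, which is why the check also verifies the signature against the certificate's own public key.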
While the presence of a website in Iran was not necessarily a red flag, the lack of proper security controls — combined with the company’s reliance on global hosting infrastructure — significantly increased its exposure to cyber threats. Weaknesses like these are prime targets for malicious actors, including state-sponsored cyber groups looking for insecure digital assets to exploit. Without full visibility into their attack surface, the company had no idea these risks existed – until KYND uncovered them.
For cyber insurers, such overlooked vulnerabilities present significant consequences. A lack of visibility into an applicant’s full digital footprint at the underwriting stage can result in misjudged exposure levels, inaccurate pricing, and heightened accumulation risks. Moreover, unidentified security weaknesses increase the likelihood of claims arising from cyber incidents that could have been mitigated with proper security measures in place.
Additionally, the presence of infrastructure located in a sanctioned country like Iran introduces another layer of complexity. Many jurisdictions, including the US, UK, and EU, impose strict sanctions on financial and business dealings with Iranian entities. This raises critical concerns for insurers, as offering coverage to an organisation with operations in a sanctioned country may inadvertently violate regulatory requirements, leading to legal and financial repercussions.
Beyond regulatory risks, insurers must also consider operational challenges. If a cyber event occurs and affects an insured entity’s services in a sanctioned region, insurers could face limitations in providing claims payments or support due to international sanctions. This not only impacts policyholders but also exposes insurers to reputational damage and compliance scrutiny. Furthermore, traditional risk transfer mechanisms, such as reinsurance, may become more complicated or even unavailable when exposure to sanctioned regions is identified within a portfolio.
Having worked on numerous similar cases with our insurance partners, we’ve seen firsthand how organisations often operate under a false sense of security, assuming they have full visibility into their digital infrastructure. In reality, hidden dependencies can introduce significant, unforeseen risks. Without a clear understanding of their digital footprint, businesses and their insurers face increased exposure to compliance failures, unexpected policy triggers, and regulatory violations, particularly when operating in sanctioned or politically unstable regions.
A real-world snapshot from KYND’s insights
To illustrate just how risky these hidden dependencies can be, we looked at a randomised sample of organisations based in high-risk regions. Within this data sample, our focus was on exposure in active conflict zones and sanctioned countries, specifically examining two high-risk vulnerability categories: email and certificate risks. These are frequently exploited for initial access, and when left unaddressed, often signal deeper, systemic security weaknesses.
Think of them as the tip of the iceberg — visible, easy to exploit, and indicative of broader underlying issues. KYND’s continuous monitoring capabilities are designed to uncover these hidden risks, from proactively scanning for zero-days to identifying subtle exposure patterns.
While state-sponsored actors may reserve advanced exploits for high-value targets, they often favour low-noise methods like phishing and man-in-the-middle attacks. Understanding and navigating geopolitical cyber risk demands both breadth and depth of insight.
Even within this limited scope, we found 37,457 vulnerabilities in countries currently affected by armed conflict. Notably, India stood out due to the ongoing tensions in Kashmir, followed by Russia, Israel, and Ukraine. Palestine and Pakistan also showed exposure.
Other conflict-affected countries — Myanmar, DRC, Ethiopia, Yemen, Sudan, Haiti, Niger, Burkina Faso, Somalia, and Mali — had lower but still present levels of risk.
[Figure: Vulnerabilities in active conflict zones]
In parallel, we also analysed vulnerabilities in countries currently under sanctions, using the U.S. Office of Foreign Assets Control (OFAC) as our source. This revealed 43,058 vulnerabilities, with Hong Kong emerging as the most exposed, followed by Russia.
[Figure: Vulnerabilities in OFAC-sanctioned areas]
As cyber threats grow more sophisticated and geopolitical tensions intensify, the nature of cyber risk is evolving rapidly. It’s no longer confined to isolated incidents or direct attacks on individual organisations. Increasingly, systemic vulnerabilities embedded deep within the digital supply chain and global technology infrastructure are creating interconnected points of failure that can cascade across entire sectors.
Cloud platforms, third-party vendors, and shared software dependencies all contribute to a complex and often opaque risk environment. Without the ability to map and monitor an insured’s full digital footprint, insurers risk underestimating both the scale and contagion potential of a cyber event.
The good news is that, by leveraging advanced cyber risk intelligence tools, insurers can proactively monitor and analyse these obscure dependencies, ensuring compliance with regulatory requirements and reducing exposure to cyber accumulation risks. A data-driven approach to cyber risk underwriting isn’t optional anymore – it is essential for navigating today’s geopolitical uncertainties while safeguarding the financial stability of insurers and their clients.
Effectively navigating the complexities of multidimensional cyber risk requires adopting a strategic, holistic approach to cyber risk management. This means moving beyond traditional risk assessment frameworks and incorporating advanced, real-time analytics and ongoing threat intelligence across the entire cyber insurance lifecycle.
Pre-underwriting risk intelligence: KYND equips insurers with real-time intelligence on a prospect’s entire digital footprint, identifying exposures linked to geopolitically sensitive countries, high-risk jurisdictions, and critical security gaps. This enables underwriters to assess cyber risk with greater accuracy and avoid blind spots that could lead to mispriced policies or unforeseen liabilities.
Ongoing exposure monitoring and accurate accumulation risk insights: Cyber risk is dynamic, and insurers need continuous oversight of their insureds’ evolving exposure. KYND provides real-time monitoring of their portfolio’s digital infrastructure, identifying technological dependencies – such as cloud providers, third-party software, and outsourced services – that could introduce additional vulnerabilities. By gaining full visibility into their insureds’ exposure, insurers can more accurately assess accumulation risk, prevent excessive exposure to systemic threats, and ensure their portfolios remain aligned with their risk appetite.
By embracing a data-driven approach to cyber risk management and integrating this intelligence into their workflows, insurers can proactively manage cyber risks amid geopolitical uncertainties, safeguarding not only their portfolios but also the resilience of the global digital economy.