My buddy Tom, who sells commercial insurance out of a cramped office in downtown Tampa, called me at 7:15 AM on a Wednesday. That is never good. Tom does not call before 9 unless someone's building burned down or someone's network did.
"Have you seen the Stryker thing?" he asked, and I could hear him scrolling through something on his phone. "Because I have four clients in medical devices and my phone is about to ring off the hook."
The Stryker thing, in case you missed it: an Iran-backed hacktivist group called Handala claimed responsibility for a devastating data-wiper attack against Stryker (NYSE: SYK), a $25-billion-a-year medical technology company based in Kalamazoo, Michigan. According to reports from Ireland — where Stryker sent home more than 5,000 workers — and a Telegram manifesto from Handala, the attackers erased data from more than 200,000 systems, servers, and mobile devices across offices in 79 countries.
Stryker's main US headquarters was reportedly experiencing a "building emergency." Which is corporate-speak for "everything is on fire and we do not know how to put it out."
Disclaimer: This article is for informational purposes only and does not constitute financial, insurance, or investment advice. Insurance policies vary significantly by carrier, state, and policy terms. Consult with a licensed insurance professional before making any coverage decisions. Past claim trends do not guarantee future premium movements.
The Geopolitical Backstory You Need to Understand
Handala claims the attack was retaliation for a February 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times has reported that a military investigation determined the United States was responsible for the strike.
Palo Alto Networks Unit 42 links Handala to Iran's Ministry of Intelligence and Security (MOIS), specifically to an actor called Void Manticore. This is not a random ransomware gang looking for Bitcoin. This is a state-sponsored operation with geopolitical motivations, which changes the insurance math entirely.
What This Means for Cyber Insurance — Starting Right Now
The War Exclusion Problem
Here is where it gets complicated for policyholders. Most cyber insurance policies contain a "war exclusion" clause — the insurer does not have to pay if the attack is deemed an act of war or state-sponsored aggression. The Stryker attack sits in exactly the gray zone that makes underwriters sweat.
"The war exclusion was designed for conventional warfare," explained Sandra, an underwriting director at a top-10 cyber insurer who spoke with me on condition that I not name her employer. "When Zurich tried to invoke it against Mondelez after NotPetya, it went to court and eventually settled. But that was 2017. The language has gotten a lot more specific since then."
According to a 2025 report from Marsh McLennan, 67% of standalone cyber policies now include specific "state-sponsored cyber operations" language separate from traditional war exclusions. Whether Stryker's policy falls into the 67% or the 33% is going to matter — a lot. We are potentially talking about billions in damages across those 79 countries.
The financial impact of cyberattacks goes beyond insurance — if you want to understand the real cost of data breaches to individuals, read our analysis of what identity theft actually costs you when a billion records get leaked.
The geopolitical dimension of this attack connects to broader trends — Europe is pouring hundreds of billions into defense, and cyber insurance is becoming part of that calculus.
Premium Increases Are Coming — Fast
After the Colonial Pipeline attack in 2021, cyber insurance premiums spiked 28% industry-wide within six months, according to the National Association of Insurance Commissioners (NAIC). After NotPetya, Lloyd's of London reported a 34% premium increase for companies in the manufacturing sector.
The Stryker attack is bigger than both of those. Two hundred thousand devices across 79 countries. Tom, my insurance friend, put it bluntly: "If you are in medical devices, biotech, or any sector that Iran considers adjacent to the US military-industrial complex, expect your renewal to come in 30 to 50 percent higher. And that is the optimistic scenario."
I asked him what the pessimistic scenario looked like. "Some carriers just stop writing the coverage entirely for certain sectors. That is what happened with ransomware in 2021 — Axa France literally stopped covering ransomware payments. If state-sponsored wipers become the new normal, I could see the same thing happening for destructive attacks."
The Ripple Effect for Small and Mid-Size Businesses
Here is what nobody is talking about yet: Stryker has 56,000 employees and $25 billion in annual revenue. They have risk management teams, incident response retainers, and presumably robust insurance coverage. They will survive this.
But Stryker has thousands of suppliers, distributors, and healthcare partners who depend on Stryker's systems being operational. Those companies — many of them small and mid-size businesses — are now dealing with supply chain disruptions and may need to file their own cyber claims for business interruption.
"Contingent business interruption claims are going to explode," Sandra told me. "And most SMBs do not even know they have that coverage, or they have it with a $250,000 sublimit that is not going to cover a two-week supply chain outage."
What Smart Policyholders Should Do Right Now
1. Read Your War Exclusion Clause — Actually Read It
I mean it. Pull out your policy document, search for "war," "hostile act," "state-sponsored," and "nation-state." If you do not understand what you find, call your broker. Specifically ask: "If Iran-linked hackers wiped our network tomorrow, would this policy pay out?" If your broker cannot answer clearly, get a new broker.
2. Check Your Contingent Business Interruption Coverage
If you depend on any vendor that could be a geopolitical target (medical devices, defense contractors, energy companies, critical infrastructure), make sure your policy covers losses from their cyber incidents, not just yours. The sublimit matters — $100,000 of contingent BI coverage is basically decorative.
3. Document Everything Before Your Renewal
Premiums are going up. The best way to mitigate the increase is to show underwriters you are a better risk than average. That means documented incident response plans, MFA on everything, endpoint detection deployed and monitored, and — this is the one most companies skip — tabletop exercises that specifically include state-sponsored wiper scenarios.
Tom told me one of his clients reduced their premium increase from 40% to 18% simply by providing evidence of a tabletop exercise they ran in Q4 2025. "Underwriters love tabletops," he said. "It shows you have actually thought about this stuff instead of just buying the software and hoping."
4. Consider a Standalone Cyber Policy
If your cyber coverage is bundled into a general liability or property policy, the war exclusion language is almost certainly broader and less favorable. Standalone cyber policies typically have more nuanced exclusions that are more likely to cover state-sponsored criminal acts as opposed to literal warfare. The NAIC recommends standalone policies for any business with more than $5 million in annual revenue.
For context on how systemic risks ripple through financial markets, see our coverage of US private credit defaults hitting a record 9.2% — another sector where risk models are being rewritten.
The Bigger Picture: Insurability Is the Real Question
Lloyd's of London issued a market bulletin in 2023 requiring all syndicates to explicitly exclude "catastrophic state-backed cyber attacks" from standalone cyber policies. The industry is still figuring out what "catastrophic" means. If 200,000 wiped devices across 79 countries does not qualify, I genuinely do not know what would.
The uncomfortable truth is that cyber insurance was never designed for state-sponsored warfare. It was designed for data breaches, ransomware, and business email compromise. The Stryker attack — alongside NotPetya, WannaCry, and now DRILLAPP — is forcing the industry to confront a question it has been avoiding: can you insure against geopolitics?
Tom does not think so. "At some point, this becomes like insuring a building in a war zone," he said. "The math just does not work." Then he hung up because his phone was ringing again. It was 7:48 AM.
Disclaimer: The information in this article is based on publicly available reports and industry analysis. It should not be relied upon as the basis for insurance purchasing decisions. Always consult with a qualified insurance broker or financial advisor who can assess your specific situation, risk profile, and coverage needs.
Sources: Krebs on Security — Stryker/Handala Report, Palo Alto Networks Unit 42, National Association of Insurance Commissioners (NAIC), Lloyd's of London Market Bulletin, Marsh McLennan — Cyber Insurance Trends
Need help assessing your business's cybersecurity risk and digital infrastructure? Wardigi provides IT consulting and cybersecurity services to protect your business assets.
