state backed

Claiming on cyber insurance policies is soon to depend on attack attribution. What does this mean for CISOs and insurers?