Insurers Will Exclude Some Nation-State Cyber Attacks From Cover

Uploaded on 2022-08-29 in FREE TO VIEW, BUSINESS-Services-Financial

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in March 2023. From that date, Lloyd’s will require all its insurer groups to exclude liability for losses arising from state-backed cyber attacks.

In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyber attack cover” it recognises that “cyber-related business continues to be an evolving risk.” 

Lloyd’s Market Bulletin reads, "Lloyd’s remains strongly supportive of the writing of cyber-attack cover but recognises also that cyber related business continues to be an evolving risk. If not managed properly it has the potential to expose the market to systemic risks that syndicates could struggle to manage... In particular, the ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb.”

The company will require all its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyber attack in accordance with several requirements. The move reflects  several changes in a rapidly evolving cyber insurance market.

In a memo sent to the company's 76-plus insurance syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyber attack coverage. In particular, he emphasised the ability of nation state-backed threat actors to spread their attacks quickly and easily and the critical dependencies that societies now have on digital infrastructure meant that the losses that could arise “have the potential to greatly exceed what the insurance market is able to absorb”.

All standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyber attack," Chaudhry wrote. These changes will take effect beginning March 31, 2023 at the inception or renewal of each policy.

At a minimum these policies must exclude losses coming from war, whether declared or not, if the policy doesn't already have a separate war exclusion. They must also at least exclude losses from nation-state cyber attacks that "significantly impair the ability of a state to function or that significantly impair the security capabilities of a state."

Unfortunately for insurers as well as their customers it has become apparent that, it can be very tricky to differentiate between cyber criminals who are directly associated with a government agency, such as Russia's GRU, and those that simply enjoy government protections from prosecution or are sympathetic to particular governments.

Lloyds:     The Register:     CSO Online:    Computer Weekly:      WSJ:       Red Goat

You Might Also Read: 

Estonia Fears Cyber Attacks Will Rise Because Of War In Ukraine:

 

« Bluetooth Standards Are Reshaping Medical Devices
Montenegro Falls Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Infortec

Infortec

Infortec provide consultancy and solutions for the protection of digital information and the management of computer resources.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

H3Secure

H3Secure

H3 Secure focuses on Secure Data Erasure Solutions, Mobile Device Diagnostics and Information Technology Security Consulting.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

PagerDuty

PagerDuty

PagerDuty is the central nervous system for a company’s digital operations. We identify issues in real-time and bring together the right people to respond to problems faster.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.