Insurers Will Exclude Some Nation-State Cyber Attacks From Cover

Uploaded on 2022-08-29 in FREE TO VIEW, BUSINESS-Services-Financial

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in March 2023. From that date, Lloyd’s will require all its insurer groups to exclude liability for losses arising from state-backed cyber attacks.

In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyber attack cover” it recognises that “cyber-related business continues to be an evolving risk.” 

Lloyd’s Market Bulletin reads, "Lloyd’s remains strongly supportive of the writing of cyber-attack cover but recognises also that cyber related business continues to be an evolving risk. If not managed properly it has the potential to expose the market to systemic risks that syndicates could struggle to manage... In particular, the ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb.”

The company will require all its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyber attack in accordance with several requirements. The move reflects  several changes in a rapidly evolving cyber insurance market.

In a memo sent to the company's 76-plus insurance syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyber attack coverage. In particular, he emphasised the ability of nation state-backed threat actors to spread their attacks quickly and easily and the critical dependencies that societies now have on digital infrastructure meant that the losses that could arise “have the potential to greatly exceed what the insurance market is able to absorb”.

All standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyber attack," Chaudhry wrote. These changes will take effect beginning March 31, 2023 at the inception or renewal of each policy.

At a minimum these policies must exclude losses coming from war, whether declared or not, if the policy doesn't already have a separate war exclusion. They must also at least exclude losses from nation-state cyber attacks that "significantly impair the ability of a state to function or that significantly impair the security capabilities of a state."

Unfortunately for insurers as well as their customers it has become apparent that, it can be very tricky to differentiate between cyber criminals who are directly associated with a government agency, such as Russia's GRU, and those that simply enjoy government protections from prosecution or are sympathetic to particular governments.

Lloyds:     The Register:     CSO Online:    Computer Weekly:      WSJ:       Red Goat

You Might Also Read: 

Estonia Fears Cyber Attacks Will Rise Because Of War In Ukraine:

 

« Bluetooth Standards Are Reshaping Medical Devices
Montenegro Falls Under Attack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

HID Global

HID Global

HID Global is a trusted leader in products, services and solutions related to the creation, management, and use of secure identities.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Signal Sciences

Signal Sciences

Signal Sciences Web Protection Platform (WPP) provides comprehensive threat protection and security visibility for web applications, microservices, and APIs on any platform.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

UMBRA

UMBRA

UMBRA is solely concerned with protecting governments against Nation State attacks. We are not a consumer or enterprise company.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.

Ridgeline International

Ridgeline International

Ridgeline helps organizations manage digital risk through data privacy and secure infrastructure solutions.