Insurance Day is part of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By

UsernamePublicRestriction

Lloyd’s sets requirements for state-backed cyber attack exclusions

The state-backed cyber attack exclusion clause must be in addition to any general war exclusion, said Lloyd's

From March 31 next year, all standalone cyber attack policies must exclude liability for losses arising from any state-backed cyber attack

Lloyd’s will require all standalone cyber attack policies to include a clause excluding liability for losses arising from state-backed cyber attacks.

The corporation has set out five minimum prerequisites for cyber attack policies falling within risk codes CY and CZ.

The clause must exclude losses arising from a war (declared or not) where the policy does not have a separate war exclusion and must exclude losses arising from a state-backed cyber attack that impairs a state’s ability to function or its security capabilities.

In addition, the clause must be clear on whether cover excludes IT systems located outside the attacked state and it must establish a clear basis on how the parties will agree if any state backed cyber attack comes from one or more countries.

The state-backed cyber attack exclusion clause must be in addition to any general war exclusion. 

Lloyd's acknowledged cyber-related business continues to be an evolving risk, and said that if not managed properly, it could have the potential to expose the market to systemic losses that syndicates would struggle to manage.

"It is important that Lloyd’s can have confidence that syndicates are managing their exposures to liabilities arising from war and state backed cyber-attacks. Robust wordings also provide the parties with clarity of cover, means that risks can be properly priced and reduces the risk of dispute," the corporation said in a market bulletin. 

“The ability of hostile actors to easily disseminate an attack, the ability for harmful code to spread, and the critical dependency that societies have on their IT infrastructure, including to operate physical assets, means that losses have the potential to greatly exceed what the insurance market is able to absorb,” Lloyd’s added.

'It is important that Lloyd’s can have confidence that syndicates are managing their exposures to liabilities arising from war and state backed cyber-attacks. Robust wordings also provide the parties with clarity of cover, means that risks can be properly priced and reduces the risk of dispute'

Lloyd's

Lloyd's said it recognised many managing agents are already including clauses tailored to exclude attacks from war and non-war state backed cyber-attacks but emphasised that all syndicates writing in this class need to do so to an appropriate standard with robust wordings.

"We consider the complexities that can arise from cyber-attack exposures in the context of war or non-war, state backed attacks means that underwriters should ensure that their wordings are legally reviewed to ensure they are sufficiently robust."

The Lloyd's Market Association has provided a suitable model for clauses addressing state-backed cyber attacks and said it is satisfied any of the four models will meet the requirements set for cyber attack policies.

The new requirement comes into effect from March 31, 2023 at the inception or renewal of each policy. 

For the 2023 year of account business-planning process, Lloyd's said it will be discussing with managing agents the clauses that they will be agreeing for use in standalone cyber attack policies.

"Managing agents will be expected to demonstrate that the clauses they will be adopting meet the requirements set out above. Where managing agents wish to diverge from the requirements set out in this guidance, they will need to provide a robust explanation for their approach and receive agreement from Lloyd’s," the bulletin said. 

Related Content

Topics

UsernamePublicRestriction

Register

ID1141942

Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel