Cyber market's tussle over scope of war exclusions heats up

Disagreement over the scope of cyber war exclusions is increasing as brokers and clients push to write some types of collateral war risk back into policies.

Insurance Day understands multiple brokers are looking to reintroduce cover for collateral damage caused by cyber events that take place during a war or as part of a state-backed attack.

This would mean buyers would be covered if they were hit by a stray cyber attack meant for another target even if the attack was initially launched by a state actor or as part of an act of war on a target elsewhere.

However, some carriers are pushing back, arguing such wording could increase the scope of war coverage beyond what is normal for other lines of business.

Munich Re has been in conversations with brokers and clients, warning if this sort of cover is made more commonplace it would create unmanageable exposures that would be unsustainable for the line of business in the long run.

Insurance Day understands Munich Re is arguing this type of collateral war damage is usually excluded from other lines of business including property covers. This is despite the fact the geographical realities of property – unlike the borderless nature of cyber threats – make collateral acts of war easier to manage.

The re/insurer is also arguing such wording would make it difficult for any insurer to articulate their risk positions to regulators, analysts or shareholders.

The issue has come up in Marsh’s Echo cyber facility as well as elsewhere in the cyber market. Marsh has not responded to request for comment.

On the other side of the argument, some brokers are concerned the way new war exclusions are being implemented is putting at risk years of effort that has gone into making cyber cover relevant and attractive.

In a recent cyber market report, Aon said exclusions for war, infrastructure and widespread events remain “inconsistent” across the global market and cautioned limiting coverage for widespread events “risked deteriorating the value proposition” of cyber insurance.

Among the brokers that have pushed to reintroduce cover is WTW, which claims to have successfully written back some collateral war cover into its clients’ policies. Andrew Hill, global cyber product leader at the international broker, said the fundamentals of the recently introduced Lloyd’s war exclusions were “largely speaking sound”.

But, he said, the decision to roll exclusions for war, infrastructure and systemic cyber events into the same set of exclusions made it a hard sell for clients.

“All the work we’ve done over the years advancing the benefits of [cyber insurance] and why this is a good solution to purchase; there’s been a reset and you’re having to start all over again with every client,” he said. “Even for a sophisticated buyer, an exclusion that’s one-and-a-half pages long… was too ambitious.”

WTW’s carve-back focuses on the Lloyd’s Market Association’s cyber exclusions clause 5567, which excludes collateral damage caused by cyber attacks that are deployed in conjunction with a physical war.

Under WTW’s policy wordings, if a business’s digital assets are not in the countries at war, and the country they are in has not suffered a major detrimental impact because of the cyber event, they will be covered.

Hill described this as “non-systemic cyber war loss” and said the reintroduction of this cover has “appeased many of our more sceptical buyers” who have raised concerns over new war exclusions.

The market has been prepared to support WTW with the reinclusion of this wording, he added. But, he cautioned, with such a high proportion of the primary cyber risk passed on to reinsurers, the next reinsurance renewal would be key to deciding what cover is kept.