Skip to content

War exclusion gains traction in cyber market

November 2, 2022 – Published on Business Insurance

A requirement by Lloyd’s of London that standalone cyber policies include exclusions for state-backed cyberattacks, beginning next March, will provide some clarity to insurers and policyholders, but significant areas of ambiguity remain.

Many observers say the question of when cyberattacks can be attributed to nation-states is inconclusive and may ultimately be resolved only after years of litigation. 

They say also that the exclusion comes against the backdrop of a hard cyber market and its ultimate effect on rates is unclear.

Lloyd’s said in an Aug. 16 market bulletin that while it remains “strongly supportive” of writing cyberattack cover, “if not managed properly it has the potential to expose the market to systemic risk that syndicates could struggle to manage,” with losses potentially exceeding the market’s ability to absorb. 

Experts say the ongoing Russia-Ukraine conflict is lending urgency to the issue. Many point to the litigation that stemmed from the 2017 NotPetya ransomware attack, which was instigated by Russia against Ukraine.

Other insurers have revised their war exclusions as well, including Chubb Ltd., Beazley PLC and Crum & Forster, experts say. The Lloyd’s rule applies most directly to large corporations that go through its market.

Many say attributing disruptions to nation-state attacks is a difficult challenge. 

“That is going to be tough to achieve,” as various criminal groups disappear, regroup, rebrand or break off into smaller subsets, said Mark Lance, Richmond, Virginia-based senior director, cyber defense, at GuidePoint Security LLC. 

Read More HERE.