Security News > 2021 > November > Lloyd's of London suggests insurers should not cover 'retaliatory cyber operations' between nation states
The insurer's "Cyber War and Cyber Operation Exclusion Clauses", published late last week, include an alarming line suggesting policies should not cover "Retaliatory cyber operations between any specified states" or cyber attacks that have "a major detrimental impact on the functioning of a state."
Although the wordings in the four clauses are published as a suggestion for insurers in Lloyd's-underwritten policies and are not concrete rules, they provide a useful indicator for the direction of travel in the slow-moving cyber insurance world.
The policy clauses also raise the idea of insurance companies attributing cyber attacks to nation states in the absence of governments carrying out attribution for specific incidents, an idea that seems extremely unlikely to survive contact with reality.
The document is called "War, cyber war and cyber operations exclusions".
Cyber intrusions tend to come from nation states' spy agencies; an insurance policy which refused to pay out if, say, Russia or China broke into a company's servers to steal customer data would be of very low value in today's world.
In a research report, RUSI also found that insurers were selling policies with minimal due diligence, leading to insurance firms paying out when their clients suffered cyber attacks.